On Wed, Jul 23, 2008 at 1:12 PM, Jonathan Rockway <[EMAIL PROTECTED]> wrote: > * On Wed, Jul 23 2008, Daniel McBrearty wrote: >> What I'd like to do is check if this user is already logged in at some >> other computer, and deny access if so. > > I would probably store sessions in the database, and then store the > session ID in the user table at login time (current_session) or > something. Then when they log in again, you can join in the session > row, check the expiration time in that row, and then allow/deny the > login. You can also use that opportunity to delete the session from the > database so that the other machine no longer has a valid session. > > I don't think the file-based session stores provide this much > flexibility, but you could probably hack something similar if you really > needed to. > > Regards, > Jonathan Rockway > > -- > print just => another => perl => hacker => if $,=$" >
I agree this is the way to go, and it would be pretty easy to write a Credential that inherits from Password that does the additional check before succeeding. That way your controllers stay thin, and this feature is more easily tuned and configured. -J _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/