Mark,

I don't know if this is the way to go, but it might spark some ideas for you
that solve the initial problem, as well as addressing Benoit's point.  You
store your usernames and passwords in a table, I assume.  If you can modify
that table, add a LastActivity column of type date/time.  When someone signs
in, you look up the uid/pwd, verify it, and then stamp that column with the
current date/time.  In the Application.cfm for the site, you restamp the
column on every page (a bit of extra overhead--someone may have a better
idea on this point).  Then here's the logic in various situations:

1) User presses "log out" button.  Erase the date/time stamp.
2) Second user tries to log in.  Presence of a value in the LastActivity
column means that the person is already in.  Just in case they have simply
walked away, the value is checked.  If it's older than some set amount of
time (e.g., thirty minutes), they get logged out automatically.
3) User leaves without pressing "log out".  Then they come back to sign in
and it won't let them.  You explain that it may have to do with the timeout
issue and tell them to be sure to press "log out" in the future, all on top
of a message that says "one person at a time".
4) Keep the signed-in state in a session variable.  That way, if the person
leaves, their sign-in session variable will time out.  But activity will
keep it alive.

Hope this helps.

Matthieu
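
The LastActivity scheme in the message above, as an added example that is not part of the original post. It is written in Python with SQLite so it runs stand-alone; the `Users` table, the `uid` column and the function names are assumptions, password verification is assumed to have already succeeded, and the check and the stamp are folded into one UPDATE so two simultaneous sign-ins cannot both pass.

```python
import sqlite3
from datetime import datetime, timedelta

TIMEOUT = timedelta(minutes=30)  # the "set amount of time" from point 2


def _ts(moment):
    # Fixed-width ISO text, so string comparison in SQL matches time order.
    return moment.isoformat(timespec="seconds")


def make_db():
    """In-memory table with one constructed account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (uid TEXT PRIMARY KEY, LastActivity TEXT)")
    db.execute("INSERT INTO Users VALUES ('mark', NULL)")
    return db


def sign_in(db, uid, now):
    """Claim the account after the password check. True if the claim succeeded.

    The WHERE clause only matches when nobody holds the account (NULL) or
    the holder has been idle longer than TIMEOUT, so the test and the
    stamp happen in a single statement instead of SELECT-then-UPDATE.
    """
    cur = db.execute(
        "UPDATE Users SET LastActivity = ? "
        "WHERE uid = ? AND (LastActivity IS NULL OR LastActivity < ?)",
        (_ts(now), uid, _ts(now - TIMEOUT)),
    )
    db.commit()
    return cur.rowcount == 1


def touch(db, uid, now):
    """Per-request restamp (the Application.cfm step). Call it only for a
    request whose session variable says it is signed in (point 4)."""
    db.execute("UPDATE Users SET LastActivity = ? WHERE uid = ?", (_ts(now), uid))
    db.commit()


def sign_out(db, uid):
    """Point 1: the "log out" button erases the stamp."""
    db.execute("UPDATE Users SET LastActivity = NULL WHERE uid = ?", (uid,))
    db.commit()
```
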

-----Original Message-----
From: Benoit Hediard [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 14, 2002 1:59 PM
To: CF-Talk
Subject: RE: Duplicate UserNames / Passwords logging into a site


I don't think that there is a clean way to accomplish this,
because there is no good way to know when the user logs off (for example, if
the user closes the browser window instead of clicking on the "Deconnect"
button...).

If you implement a system based on application scope (to register all the
"online" people), you might lock an account.

Let's say you close your browser (or that it hangs), the user will not be
removed from the application structure registering all the Session IDs.
Come back 1 hour later, you'll get a new session ID from CF: the system
will say, sorry this user is still online and you won't be able to log in...

With FlashCom, it would be possible, because you get a 2-way communication
protocol, but you'll need a FlashMX client.

Benoit Hediard
www.benorama.com



-----Original Message-----
From: Mark Leder [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 14, 2002 19:30
To: CF-Talk
Subject: Duplicate UserNames / Passwords logging into a site


Hi All,
I need some ideas on the best approach to the following:

I have a subscription based site, where everyone has their own user name
and password (I keep duplicates from being entered in the database).
However, the problem is with sharing of usernames and passwords.  Say
for example I log in as UID = "mark" and PWD = "12345", while I'm in
using the site, someone else can use this same user name and password to
log in and use the site illegally.

The ideal situation would be if I were logged in, then a second person
tries to use my UID and PWD, the second person is denied access, and the
first person is booted out and given a warning screen that their account
may be deactivated because of abuse.

I use session management on this site, but have not implemented cookies.

What would be a good way to accomplish this?

Thanks,
Mark


