> I know I can prevent any simultaneous logins by simply flagging the > account > as "logged in" when a user logins. However, if the user closes the browser > or is disconnected without properly logging out, how would I go about > allowing them to log back in?
I think maybe, he means that he's trying to prevent two different people from logging in with same credentials. In this scenario, a user who doesn't click a logout button or something, will not be allowed to log back in with his own credentials, because they are still marked "logged in". What I've done, rather than use a "loggedin" boolean field, is create a separate field in the user table called "validate". On login, you create a UUID and insert it into the validate db field, and also have a session variable with the same UUID. On each request you check the session variable against the db variable and make sure they match. If someone else logs in with the same credentials, a new UUID is inserted in the db, and the currently logged in person is logged out because their validation fails. In this way, only one person at a time may be logged in with a certain credential, but you don't have the problem of them not being able to log back in before the session ends. -- Josh ----- Original Message ----- From: "Andy Matthews" <[EMAIL PROTECTED]> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Thursday, June 21, 2007 10:00 AM Subject: RE: How to Prevent Simultaneous Login / Session Management > You shouldn't have an issue with this. > > Their browser should keep the cookie related to their server session and > remember that they're logged in. If the session expires before they reopen > their browser, then they'll get redirected to the login screen anyway. > > andy > > -----Original Message----- > From: Paul Henderson [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 21, 2007 11:11 AM > To: CF-Talk > Subject: How to Prevent Simultaneous Login / Session Management > > I know I can prevent any simultaneous logins by simply flagging the > account > as "logged in" when a user logins. However, if the user closes the browser > or is disconnected without properly logging out, how would I go about > allowing them to log back in? Since as far as I know, the server and > database would therefore have no way of knowing the user disconnected and > would still see the user as logged in. I thought OnSessionEnd would do the > trick, but as was pointed out to me on this list OnSessionEnd only runs > when > the session expires, not when the user disconnects. Any ideas are much > appreciated, thanks. > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| CF 8 â Scorpio beta now available, easily build great internet experiences â Try it now on Labs http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281818 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
