In a message dated Saturday, 13 June 2009, Randy Syring wrote:
> I am building a web application using beaker sessions integrated with
> a "home grown" database auth mechanism. Currently, when a user logs
> in, all I do is validate their login credentials against info in the
> DB, and if valid, put some basic information in their beaker session
> that identifies who they are and what permissions they have on the
> system.

I haven't tried it, but those are my ideas:

Store somewhere on the server (e.g. in the database, but keep reading) the id of the "valid" session for given user. All other sessions for that user would be considered invalid, so access would be denied (or limited, whatever you need) for those "invalid" sessions. You would check validity for each request and update the DB record after successful login (effectively kicking off all other sessions sharing this user account).

If you want to avoid using database for that, then you could try memcache. After successful login you'd put the session id into memcache under key based on user id (e.g. "sessionforuser_%(id)s"). Then upon each login you would verify that key and disable session if it does not match. Basically this is the same as above, but using memcache (or other key/value store) instead of db.

If I understand correctly, this can be simplified even further. You can have only one valid session for given user_id at a time. Suppose you store id of that session in the db. When the user logs in second time, you'd check the db and find id of the previous session for that user - so you know which session to terminate. Thus you'd only need to check database during login, so probably going with memcache for that would not be necessary. I haven't checked if beaker provides API to terminate session by id, but this should be pretty simple to implement.

Fourth solution would be to use tagging of sessions, but this is even more work (I guess).

> One other thing: I would like, if possible, to not have to hit the db
> for every request just to see if I need to logout the current user.

--
Paweł Stradomski
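
A sketch of the single-valid-session scheme described in the reply above, as an added example that is not part of the original message and does not use Beaker's API. The `SingleSessionRegistry` class, the `demo` function and the dict-backed stores are hypothetical stand-ins for the database or memcache record and for server-side session storage; only the key format comes from the message.

```python
import secrets


class SingleSessionRegistry:
    """Tracks the one valid session id per user.

    `store` is any key/value mapping; a dict stands in here for the
    database table or memcache client mentioned in the message.
    """
    KEY = "sessionforuser_%(id)s"  # key format quoted in the message

    def __init__(self, store=None):
        self.store = {} if store is None else store

    def login(self, user_id, session_id):
        """Record session_id as the valid one; return the displaced id, if any."""
        key = self.KEY % {"id": user_id}
        previous = self.store.get(key)
        self.store[key] = session_id
        return previous if previous != session_id else None

    def is_valid(self, user_id, session_id):
        """Per-request check: constant-time compare against the recorded id."""
        current = self.store.get(self.KEY % {"id": user_id})
        return current is not None and secrets.compare_digest(current, session_id)

    def logout(self, user_id, session_id):
        """Clear the record only if the caller holds the valid session."""
        if self.is_valid(user_id, session_id):
            del self.store[self.KEY % {"id": user_id}]
            return True
        return False


def demo():
    # Constructed sample data: two logins for the same account (user id 42).
    registry = SingleSessionRegistry()
    sessions = {}  # hypothetical server-side session storage, keyed by session id

    first = secrets.token_hex(16)
    sessions[first] = {"user_id": 42}
    registry.login(42, first)

    second = secrets.token_hex(16)
    sessions[second] = {"user_id": 42}
    displaced = registry.login(42, second)
    sessions.pop(displaced, None)  # login-time termination of the old session

    return first, second, displaced, registry, sessions
```

Deleting the displaced session at login covers the "check only during login" variant; calling `is_valid` on each request covers the variants that look the key up every time.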
