My solution - when I'm not using sfGuard

1. During user login create a unique id (it can be the session id) and store
   it in session[session_id] and in the database in this user's row,
   e.g. in a column login_session.
2. On every page load you are testing whether the user is logged in -
   probably testing whether some session value, e.g. session[logged], is
   true, and testing whether session[session_id] is the same as the
   database column login_session:
   - session[logged] is not true - the user isn't logged in
   - session[session_id] isn't equal to login_session - the user has
     logged in from another computer (or browser)

Of course you don't have to generate a random number and store it in
session[session_id]; you can simply use the session id.
But then there is another little problem when you are using
session_regenerate_id() as protection against session fixation. In
that case you have to store the new session_id in the database every time
you regenerate it.


On 29 led, 04:43, ken <marfillas...@gmail.com> wrote:
> This is my solution.
> schema: http://gist.github.com/289418
>
> myUser: http://gist.github.com/289424
>
> then insert this filter before the security
> filter: http://gist.github.com/289425
>
> On Jan 29, 12:31 am, "yth" <digital_...@yahoo.com.hk> wrote:
>
> > Dear ken,
>
> > Is it possible to avoid modifying the database schema?
> > I am not using sfGuardUserPlugin but I am thinking like this:
>
> > 1. Somebody logs in
> > 2. His login id (member id) and password are first checked and they are
> > correct
> > 3. An attribute member_id is set to his member id in the session
> > 4. He forgets to log out and later logs in on another computer or the same
> > computer but a different browser
> > 5. His login id (member id) and password are first checked and they are
> > correct
> > 6. Scan all sessions and check if there is one having the member_id
> > attribute set to his member id
> > 7. If there is one, kill that old session
> > 8. A session attribute member_id is set to his member id in the new session
>
> > Is this solution feasible? But I don't know how to do steps 6-7.
>
> > ----- Original Message -----
> > From: "ken" <marfillas...@gmail.com>
> > To: "symfony users" <symfony-users@googlegroups.com>
> > Sent: Thursday, January 28, 2010 11:15 PM
> > Subject: [symfony-users] Re: Making sure a login id only has one session at
> > any moment
>
> > The best solution for this is use database session. Add session_id
> > column in the Profile table. This field has to be set during login. So
> > if you are using sfGuardUserPlugin, you can override the signIn method
> > in myUser. With the session_id at hand you will be able to check if
> > user is signed in in another machine via the Session table.
>
> > You will also need to take account of the remote host.
>
> > On Jan 28, 10:15 pm, DEEPAK BHATIA <toreachdee...@gmail.com> wrote:
> > > I think you can set a field in database setting login status to true.
> > > Now if the person again logs in and you find from database, you can
> > > take him to the logout screen/error screen.
>
> > > On Thu, Jan 28, 2010 at 7:27 PM, Tom Ptacnik <to...@tomor.cz> wrote:
> > > > Why do you want to kill his old session?
>
> > > > On 28 led, 04:21, "yth" <digital_...@yahoo.com.hk> wrote:
> > > >> Dear all,
>
> > > >> When a user logs in, the controller calls the following function in the
> > > >> myUser.class. The problem is, if he doesn't log out but then logs in on
> > > >> another computer/browser, the old session does not get killed. I tried to
> > > >> use setAuthenticated(false) on users who have already authenticated, hoping
> > > >> that his old session would get killed before he gets a new one. But it
> > > >> doesn't work.
>
> > > >> Many thanks to you all.
>
> > > >> // Viewable in http://pastebin.com/f765fff66
> > > >>
> > > >> public function login($loginId, $pwd)
> > > >> {
> > > >>     $member = MemberPeer::getByLoginIdAndPassword($loginId, $pwd);
> > > >>
> > > >>     if (!is_null($member)) {
> > > >>         // I would like to log out the user if he/she already has a
> > > >>         // session, but it doesn't work
> > > >>         if ($this->isAuthenticated()) {
> > > >>             $this->setAuthenticated(false);
> > > >>         }
> > > >>
> > > >>         $this->setAuthenticated(true);
> > > >>         $member->setLastLoginAt(time());
> > > >>         $member->save();
> > > >>         $this->setAttribute('member_id', $member->getMemberId());
> > > >>
> > > >>         return true;
> > > >>     }
> > > >>
> > > >>     return false;
> > > >> }
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > > > Groups "symfony users" group.
> > > > To post to this group, send email to symfony-us...@googlegroups.com.
> > > > To unsubscribe from this group, send email to
> > > > symfony-users+unsubscr...@googlegroups.com.
> > > > For more options, visit this group
> > > > at http://groups.google.com/group/symfony-users?hl=en.
>
>


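A framework-independent PHP sketch of the login_session check from the top message, using the random-token variant so that session_regenerate_id() cannot desynchronise the two copies. This is an added example, not code from any participant in the thread or from symfony; the member table, its columns, the in-memory SQLite database (assumes the pdo_sqlite extension) and the array standing in for $_SESSION are all constructed for the demo.

```php
<?php
// Added example, not from the thread: one active session per user, as in the
// top message. The session is modelled as a plain array (stand-in for $_SESSION
// or sfUser attributes) so this runs from the CLI; the schema is constructed.
function createDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, login_id TEXT, login_session TEXT)');
    $db->exec("INSERT INTO member (id, login_id) VALUES (1, 'alice')");
    return $db;
}

// Step 1: on login, mint a per-login token and store it in both the session and
// the user's row. A fresh random token is used instead of the PHP session id,
// so session_regenerate_id() never desynchronises the two copies; overwriting
// the row implicitly invalidates any earlier login of the same user.
function login(PDO $db, array &$session, int $memberId): void {
    $token = bin2hex(random_bytes(16));
    $stmt = $db->prepare('UPDATE member SET login_session = :t WHERE id = :id');
    $stmt->execute([':t' => $token, ':id' => $memberId]);
    $session = ['logged' => true, 'member_id' => $memberId, 'login_session' => $token];
}

// Step 2: on every request, compare the session's token with the row. A mismatch
// means a newer login happened elsewhere: wipe this session and treat as logged out.
function isLoggedIn(PDO $db, array &$session): bool {
    if (empty($session['logged']) || empty($session['login_session'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT login_session FROM member WHERE id = :id');
    $stmt->execute([':id' => $session['member_id']]);
    $current = $stmt->fetchColumn();
    if ($current === false || !hash_equals((string) $current, (string) $session['login_session'])) {
        $session = [];
        return false;
    }
    return true;
}

// The scenario from the thread: browser A logs in, then browser B logs in as the
// same member; A's session is rejected on its next request, B's is accepted.
$db = createDb();
$browserA = [];
$browserB = [];
login($db, $browserA, 1);
var_dump(isLoggedIn($db, $browserA));
login($db, $browserB, 1);
var_dump(isLoggedIn($db, $browserA));
var_dump(isLoggedIn($db, $browserB));
```

In a real application the check in isLoggedIn() belongs in a filter that runs before the security filter, as ken's reply suggests, so the stale session is cleared before any action sees it as authenticated.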