On 18 Jul., 12:12, Cédric Krier <[email protected]> wrote: > > In the changeset 653, I have change the session management to allow more > > than one session per users. > http://www.tryton.org/hgwebdir.cgi/trytond/rev/571b3bd92246 > > > > What do you think about this? > > Is it good for the security? > > Can we just limit to one session and force people to use more user > login? > > My opinion is that there are cons and pros:
The con would be that we won't know which one of the different session has modified/created a registry since we only keep write_uid and create_uid and not the session, therefore if same user is logged in with 2 different sessions at the same time, then we won't be able to tell. Nevertheless the advantage is that in the future other interfaces of Tryton (Web or mobile) will be more popular and they will make people to want to be loggedin simultaneously with the same user (like Gmail for example) and this feature will be a must have in the future. That was my opinion of the matter. Regards. Ivan. -- -- [email protected] mailing list
