Re: multiple sessions overwriting each others' data

Wed, 27 Sep 2006 10:26:12 -0700 

Hi Shane,
actually Turbine is doing it a bit different. Once a User logs in, the User Object is stored within the session. And is made accessible through RunData.getUser(); So the question really is, how do you update the user? Through RunData.getUser().set...()? or through updates on the Database using TurbineSecurity? When the Logout occurs, the following happens (from LogoutUser) 
{
   User user = data.getUser();
    if (!TurbineSecurity.isAnonymousUser(user))
   {
       // Make sure that the user has really logged in.../
       if (!user.hasLoggedIn())
       {
           return;
       }
       user.setHasLoggedIn(Boolean.FALSE);
       TurbineSecurity.saveUser(user);
}
as you see, the object in the db will always be overwritten with the user that is stored inside the session. I have implemented something, that only allowed one user to be logged in at a given time. If another user logs the second time, the first user is logged out automatically. If you are interested I can provide the source. 

Kind regards

Juergen Hoffmann

Shane Beasley schrieb:

 Jürgen Hoffmann wrote:

> Hi Shane,

 Hi there. Thanks for replying!

> How do you store the modifications the user has made? Within the
> Users temporary storage, or within a pull tool?

 Actually, neither; I just added fields to the TurbineUser object
 itself. (This is a fairly simple webapp, and so I kept the schema
 simple, too.)

 I realize that this is part of the problem, and mentioned in the
 previous message that one solution might be to "refactor TurbineUser
 to not have anything interesting in it."

 However, this issue seems to be somewhat independent of my situation.
 For instance, consider where a user starts session X, starts session
 Y, changes his password in session Y, and leaves session X to expire.
 At that time, TorqueUserManager will then save the unchanged
 TurbineUser object from session X, and the password would revert to
 its original value, which I'm sure is a surprise to the user. And, of
 course, you can't just refactor the password out of the TurbineUser
 object. :)

 I hope that clarifies things a bit.

 Shane

 ---------------------------------------------------------------------
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]


 !EXCUBATOR:1,451a9a7953071159436427!



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to