> So I really want to do something like write a custom "log in" that only
> allows 1 user (of a certain group) to log in at a time. Or I could use a
> global "lock" variable on the top of the relevant pages that only lets 1
> session through, and redirects all other requests. But to do any of these
> things, I need to be able to examine all active sessions (I enabled the
> idle timeout so the session will be destroyed if the user forgets to log
> out) & I can't find an API to do so. I could keep track of the sessions
> myself but then I would have to do my own idle timeout logic which might
> not keep in sync with the idle timeout logic in TG, resulting in cases
> where noone could log in, etc.
>
> Is there a way to get a list of all currently active sessions in TG?
If you're using "visits" you'd have a session key stored in the visit_identity
table. That's how I lock out users. My login method checks in the
visit_identity if there's already a key for the user_id currently trying to
log in. If so, the user is immediately logged out again and redirected to a
page stipulating the reason (duplicate login)
This doesn't require anything additional to the standard identity and visit
tracking (in TG 1.x that is. I have no idea about TG2 since the whole
identity thing seems a bit wobbly to me at the moment).
The moment you delete a row in the visit identity table the user is logged
off.
Programatically you can log a user trying to log in a second time off by using
identity.current.logout()
in the login method (with some kind of logic around it to determine whether
that user is already in the visit identity table)
HTH
Uwe
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
