On Tuesday, October 14, 2014 9:01:19 PM UTC+3, Mandar Vaze wrote: > Is it possible to either : > not allow login from MachineB (show message that "You are currently logged > in from MachineA - continue to access the application from MachineA, or > logout from MachineA"... or some such message.) > OR > allow login from MachineB - but forcefully log out userA from MachineA > (since login from MachineB was later) >
You need to identify machine a or machine b. This is not a trivial problem - IP address may change because of ISP proxies (false positive) and may be unified because of ISP (e.g. two unrelated people using a mobile connection may come out with the same IP address) . The common solution is to look for a unique cookie you set (e.g. My-Computer-Identifier:) and if it doesn't exist, set it to some random uuid you generate. Then, allow just one such cookie to be acceptable at the same time. If a different cookie arrives, either refuse or require a new login and replace it. But note that this is also not foolproof - some browser syncing extensions will sync cookies as well. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
