military bases gives users a pool of Ips that change regularly. Our
company has 2 external Ips that change as needed, so the guaranteed IP
connection isn't always true.
John
-----Original Message-----
From: Umer Farooq [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 11:33 AM
To: CF-Talk
Subject: Re: How to prevent multiple logins
At login store the users IP . ... and keep checking the IP against the
one stored... on each request..
if it changes... log the current user... out and say.. someone else from
another IP has logged in...
Burns, John D wrote:
> I think the biggest decision that the person who asked will have to
make
> is the business logic for when a session that is currently logged in
is
> no longer logged in. For instance:
>
> If User A logs in at 10AM and is given a 60 minute session and is
> somehow flagged as logged in (either in DB or app structure). The
user
> does 1 quick thing on the site and then closes the browser at 10:05AM.
> This user gets up and moves to another computer and attempts to log
into
> the site. He won't be allowed until 11AM if you do it this way.
Since
> there's no real-time checking if the client is still there (unless you
> use flash remoting or a "ping" type iframe - which I would say is
> overkill) then you can't really handle this type of situation without
> sacrificing, that once someone logs in, no one can log in with that
> account until the session expires (even the person who started the
> session...unless they're on the same machine and have a cookie or
> something).
>
> John
>
> -----Original Message-----
> From: Matt Robertson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 14, 2004 4:15 PM
> To: CF-Talk
> Subject: Re: How to prevent multiple logins
>
> Barney Boisvert wrote:
> > Add a two fields to your user table: isLoggedIn and lastAccessDate.
>
> Or do it in an application structure and save yourself the db
overhead.
> I use/maintain a 2d array to show a bunch of stuff as part of a Who's
On
> app. When a user logs in their user ID is planted in their who's on
> 'record', (which defaults to zero if they are not logged in and just a
> visitor).
>
> Then when anyone tries to log in the array is checked to see if they
are
> already logged in. Steps are taken from there. Those steps can vary
> depending on your application (i.e. force the first user off the
system,
> deny the second user the login, kick them both off, alert the sysadmin
> etc.)
>
> You can find the Who's On code in the link below. Just add a few
array
> elements to the code in the article to do what you need.
>
>
http://mysecretbase.com/How_To_Build_A_Who_Is_On_Application_With_ColdFu
> sion.cfm
>
> And when you're done you also get a Who's On app as a byproduct. Just
> build something to loop over the array and display its contents.
>
> <shameless plug>
> I'm bringing out AccessMonger Pro in a couple of days and it does all
> this stuff and gee whiz a whole lot more.
> </plug>
>
> --
> --Matt Robertson--
> President, Janitor
> MSB Designs, Inc.
> mysecretbase.com
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
