> But if you force off the first login, that may not be the same user, but
> it may be a different user using the same login. You can't force
> someone off while they're in the app.

Oh yes you can, and depending on your business rules maybe you should.
If only one user is supposed to use that login at any one time for
terms-of-service reasons (i.e. a paid unique subscriber) then the
bumped user gets what they deserve, or at least they get diminished
utility from their stolen/misused login. If it's an innocent thing
they know they aren't supposed to be doing, it's a lesson learned and a
discouragement of the forbidden behavior.

If it's a business user who is also beholden to company policy that
says one login per person, then you are protecting that single user's
ability to keep using the system. If a co-worker comes to their desk
after they have forgotten to log out then this is a back-handed way of
helping to protect the user from their own poor practices.
Hopefully if going this route you are also logging the duplicate login
attempts for managerial review.

If it's a mission-critical app of some sort that dictates a user must
complete their session no matter what then I would argue you shouldn't
be enforcing unique logins in the first place as the real world will
get in the way without some controls, as was mentioned earlier in the
thread. For that you need a system that can expressly allow unique
logins, perhaps again with managerial log review so your admins are at
least aware of the occurrences.

--
--Matt Robertson--
President, Janitor
MSB Designs, Inc.
mysecretbase.com
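
The two approaches discussed in this message (bump the earlier session, or allow the overlap) with duplicate logins recorded for review in both cases, as an added example that is not part of the original post. The class, method and field names are hypothetical, and the in-memory store stands in for whatever session storage the application uses.

```python
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class SessionRegistry:
    """Hypothetical in-memory session store (illustration only).

    policy "bump":  the newest login wins and earlier sessions are ended.
    policy "allow": overlapping sessions are kept (the mission-critical case).
    Either way, every duplicate login is written to the audit list.
    """
    policy: str = "bump"
    active: dict = field(default_factory=dict)  # user -> {token: client_ip}
    audit: list = field(default_factory=list)   # records for managerial review

    def login(self, user, client_ip):
        token = secrets.token_urlsafe(32)       # unguessable session token
        sessions = self.active.setdefault(user, {})
        if sessions:
            # A session already exists for this login: record who was
            # there, who arrived, and what the policy did about it.
            self.audit.append({
                "time": time.time(),
                "user": user,
                "new_ip": client_ip,
                "existing_ips": sorted(sessions.values()),
                "action": self.policy,
            })
            if self.policy == "bump":
                sessions.clear()                # force off the earlier login
        sessions[token] = client_ip
        return token

    def is_valid(self, user, token):
        # Called on every request; a bumped session fails here and the
        # application sends that browser back to the login page.
        return token in self.active.get(user, {})

    def logout(self, user, token):
        self.active.get(user, {}).pop(token, None)
```
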

