>I know I can prevent any simultaneous logins by simply flagging the account >as "logged in" when a user logins. However, if the user closes the browser >or is disconnected without properly logging out, how would I go about >allowing them to log back in? Since as far as I know, the server and >database would therefore have no way of knowing the user disconnected and >would still see the user as logged in. I thought OnSessionEnd would do the >trick, but as was pointed out to me on this list OnSessionEnd only runs when >the session expires, not when the user disconnects. Any ideas are much >appreciated, thanks.
Forgetting the actual coding involved there are at least two schools of thought on this. +) Token-Based Refusal In this style you'd store a token (as simple as an IP address but you might also include User Agent or anything else you can get your hands on or place a GUID in a cookie) along with the "logged in" status. When another login is attempted using the same credentials you'd compare the information: if it's the same you'd allow the access. If the user accidentally closes the browser they still have to log in, but if the info matches they get in immediately. It isn't perfect (far from it) but it works well enough. One issue is how to mange the information: you can't keep it forever (or else you'd be tying use of the application to a single computer). Often you might manage this by having the information valid only as long as long as the session is (that way whether or not it's the same person logging in there's no conflict). But you still might run into problems. +) Bumping This is the system adopted by many Instant Messaging systems: a new logon will kill a current log on. The message "You have logged in on another computer" epitomizes it. The session from the old computer is eliminated completely and the new session becomes the "real" one. This honestly annoys me with IM but you'd have to review the idea with your audience in mind. If there are actually two people trying to use the same account this can result in a tug-of-war with the credential rights, but that might be what you want. Both methods assume that you a) know the details of your user's status (know whose logged in) and b) can affect that status in some way. If the existence of a session implies a login then you've lost control for example. This usually means implementation of some kind of "logged in queue" or the like. Once you can interrogate whose logged in and modify that status either of these options become much simpler to implement. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion 8 beta â Build next generation applications today. Free beta download on Labs http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281821 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
