You can go through all an applications current sessions using the SessionTracker class, but I've found this to be very slow.
Instead I switched to keeping a list of logged in users in the application scope. Users get pushed into here when they login, and removed from here when they click LogOut, or when their session times out (via OnSessionEnd). I store the users in a structure, using their username as a key, and their session information as the value. Then when someone logs in, I check the application variable. If a user exists in there, you know they are already logged in from another session. At that point you still have the use the SessionTracker to reach into that other session and invalidate it - but this is much faster since you aren't looping through all the sessions, you are just reaching into one known session. -Ryan Wally Randall wrote: > How do people prevent the same user from logging into an application with the > same userid from multiple machines? We have users who are sharing their IDs > which is causing application failures with the concurrent sessions. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade to ColdFusion 8 and integrate with Adobe Flex http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:294456 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
