Agreed that you have to track who is logged in somewhere persistent like
the database or Application scope.  

You need to make a key decision here though.  When someone tries to log
into an account that you think is already logged in to, what do you want
to happen?

1)  Deny them access.  Be VERY careful with this one because people
don't like to log out and if someone just closes their window and your
system still "thinks" they are logged in they will get locked out of
your site and won't be able to log back in.  You can mitigate this by
storing a timestamp when they log in and automatically timing them out
after so many minutes of inactivity (update the timestamp on every page
hit) but the user who closes his window and immediately wants back in
will still be locked out until he times out.

2)  Kick out the previously logged in user in favor of the last one to
log in.  This will always allow access to the person logging in.  Of
course, you will need to have a way to log out whoever just got kicked
off.  I think if you did this you would need to keep not only the list
of users logged in, but some client-specific session id to identify
them.  If User A hits a page with a different session id than the valid
session id for that user, you say "sorry charlie, someone just booted
you out" and you log them off.  (This sounds kind of harsh, but it's
exactly what a lot of instant messenger clients do--- "you have signed
on at a different location")

Your solution might depend on why you are doing this.  Security, abuse
prevention etc.

~Brad

-------- Original Message --------
Subject: RE: Unique User Login
From: "Dawson, Michael" <[email protected]>
Date: Tue, October 20, 2009 8:21 am
To: cf-talk <[email protected]>


You should use the Application scope to determine who is logged-in.

First, you need a login form.

When the login form is submitted, first see if the username exists in an
array that is stored in the Application scope.

If the username exists in the array, deny further access.

If the username does not exist in the array, then upon successful
authentication, add the username to the Application-scoped array.

Thanks,
Mike

-----Original Message-----
From: Davide Campo [mailto:[email protected]] 
Sent: Tuesday, October 20, 2009 3:18 AM
To: cf-talk
Subject: Unique User Login


Hi,

I need to know how to create a Unique User Login in my app: when a user
is logged in to my app, I want nobody else to be able to log in with the
same username. I know that I must use the client variables but I don't
understand what the individual steps are.

thanks for help. 
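
The two policies Brad describes (deny the new login, or let the newest login boot the older one), together with his inactivity timeout and per-client session id, are modelled below as an added example that is not code from anyone in this thread. It is written in Python rather than CFML, with an in-memory dict standing in for the Application scope; the class and method names (`LoginRegistry`, `login`, `check`, `logout`) are hypothetical.

```python
import secrets
import threading
import time

class LoginRegistry:
    """In-memory stand-in for an Application-scoped map: username -> active session."""

    def __init__(self, policy="replace", idle_timeout=1200, clock=time.monotonic):
        if policy not in ("deny", "replace"):
            raise ValueError("policy must be 'deny' or 'replace'")
        self.policy = policy
        self.idle_timeout = idle_timeout  # seconds of inactivity before a login expires
        self.clock = clock                # injectable so the timeout can be tested
        self._active = {}                 # username -> (session_id, last_seen)
        self._lock = threading.Lock()     # check-and-set must be atomic across requests

    def _live(self, username):
        """Return the stored entry, dropping it first if it has idled out."""
        entry = self._active.get(username)
        if entry and self.clock() - entry[1] > self.idle_timeout:
            del self._active[username]
            return None
        return entry

    def login(self, username):
        """Call after the password check succeeds. Returns a session id, or None if denied."""
        with self._lock:
            if self._live(username) and self.policy == "deny":
                return None               # option 1: the existing login wins
            session_id = secrets.token_urlsafe(32)
            self._active[username] = (session_id, self.clock())
            return session_id             # option 2: the newest login wins

    def check(self, username, session_id):
        """Call on every page hit. False means this client must be logged off."""
        with self._lock:
            entry = self._live(username)
            if entry is None or not secrets.compare_digest(entry[0], session_id):
                return False              # timed out, logged out, or booted by a newer login
            self._active[username] = (session_id, self.clock())  # refresh on activity
            return True

    def logout(self, username, session_id):
        """Explicit logout; only the session that owns the entry may clear it."""
        with self._lock:
            entry = self._active.get(username)
            if entry and secrets.compare_digest(entry[0], session_id):
                del self._active[username]
```

With more than one application server, the same map has to live in shared storage such as the database, since each server has its own memory.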



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327376