Surely checking only during your logon script would be smarter and more efficient than checking on EVERY REQUEST? I mean, how many times during a request does a user logon????
Freundliche Grüße / Best regards, Bill Franklin Computer Integrated Mfg. Bayer CropScience LP 8400 Hawthorne Road, Room 2447 Kansas City, MO 64120 Tel: +1 816 242 2148 Fax: +1 816 242 2047 E-mail: bill.frank...@bayer.com Web: http://www.bayercropscience.com Vorstand: Sandra E. Peterson, Vorsitzende | Lykele van der Broek, Achim Noack, Rüdiger Scheitza, Michael A. Schulz Vorsitzender des Aufsichtsrats: Werner Baumann Sitz der Gesellschaft: Monheim am Rhein | Eintragung: Amtsgericht Düsseldorf, HRB 46985 -----Original Message----- From: Cameron Childress [mailto:camer...@gmail.com] Sent: Friday, July 06, 2012 10:46 AM To: cf-talk Subject: Re: Force logout a user On Sat, Jul 7, 2012 at 10:38 AM, Uday Patel <udayjpatel2...@gmail.com>wrote: > I want to force logout a user if he logs in on another machine. I am > using > CF9 and session scope to track user user logins. what are the possible > ways of achieving this. Unique CF sessions are tracked using either CF's internal CFID/CFTOKEN or JSessionID as a unique session identifier, depending on how you have configured in in the administrator. These are typically stored as cookies in the visitors browser and are the single best way to determine "unique logins". The visitor's IP address is not a reliable tacking mechanism and should NOT be used for this. The best/simplest way that I can think of to do this is that when the user logs into your website, store that session identifier (CFID/etc) in a database field along with that user's record in the database. Then, on each request, check that user's database record to see if the user's session identifier matches the one in the database. If it does not, log them out. This does require an extra DB hit with each request, and could be replaced by a mechanism that lives in another shared scope like the application scope, but that will require significantly more effort. If your app does not have heavy load, using the database for this should be fine. -Cameron -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook <http://www.facebook.com/cameroncf> | twitter<http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351854 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm