For reference:  SSO - http://en.wikipedia.org/wiki/Single_sign_on

What you want to do is part of user management. When the user logs in, mark them in some global store as logged in. The request scope or a DB are perfect here. On every login, check to make sure the user isn't already logged in. If he is, deny the new login OR forcibly log out the other session. Honestly, denying the new login is best and easiest. It's pretty straightforward, BUT it will result in users being pissed off when they close their browser and need to get back into the app. They have to wait for the previous session to expire for that to happen...

-dhs


Dean H. Saxe, CISSP,  CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country."
    --Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials
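
The approach described in the reply above, as an added example that is not part of the original thread and is written in Python rather than CFML so the logic is easy to follow. The class name, the 20-minute idle timeout and the in-memory dict (standing in for the global store or DB table) are assumptions; it shows both the deny and the force-logout policy and expires stale entries so a closed browser does not lock the user out indefinitely.

```python
import hmac
import secrets
import threading
import time

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value, match the app's session timeout


class SessionRegistry:
    """Allows one active session per username (hypothetical helper)."""

    def __init__(self, policy="deny", clock=time.time):
        if policy not in ("deny", "replace"):
            raise ValueError("policy must be 'deny' or 'replace'")
        self.policy = policy
        self.clock = clock
        self._active = {}  # username -> (token, last_seen)
        self._lock = threading.RLock()  # check-and-set must be atomic

    def _live_entry(self, username):
        entry = self._active.get(username)
        if entry and self.clock() - entry[1] > IDLE_TIMEOUT:
            del self._active[username]  # stale: browser closed without logout
            return None
        return entry

    def login(self, username):
        """Call only after the password check passed. Returns a token or None."""
        with self._lock:
            if self._live_entry(username) and self.policy == "deny":
                return None  # someone is already logged in with this account
            token = secrets.token_urlsafe(32)
            self._active[username] = (token, self.clock())  # replaces old token
            return token

    def validate(self, username, token):
        """Run on every request; False means the session expired or was replaced."""
        with self._lock:
            entry = self._live_entry(username)
            if entry is None or not hmac.compare_digest(
                    entry[0].encode(), token.encode()):
                return False
            self._active[username] = (token, self.clock())  # sliding idle window
            return True

    def logout(self, username, token):
        with self._lock:
            if self.validate(username, token):
                del self._active[username]
```

With the "replace" policy the older session is not notified; it is rejected the next time it calls `validate`, which is why that check has to run on every request.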


On Aug 15, 2007, at 1:36 PM, Ajas Mohammed wrote:

Then what is it called?

Or rather, whatever it's called, can we implement what I have mentioned using CF? What would be a good starting point for that, and has anybody implemented this feature?

Thanks

On 8/15/07, Dean H. Saxe <[EMAIL PROTECTED]> wrote:

That's not single sign-on. ;-)

-dhs


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Great spirits have often encountered violent opposition from weak
minds."
     --Einstein


On Aug 15, 2007, at 11:45 AM, Ajas Mohammed wrote:

> Right now more than 1 user can login to our application using the
> same username pwd. For example, in yahoo messenger you can be
> logged on at one system only. If you try to login at diff system,
> you are logged off from the first system. I wanted to implement
> something like that so only 1 person would be using a username pwd
> and even if the uname pwd are shared, only 1 person could login
> with that username pwd.
>
> Thanks,
>
>
>
> On 8/15/07, Dean H. Saxe < [EMAIL PROTECTED]> wrote:
> What's the question?
>
> -dhs
>
>
> Dean H. Saxe, CISSP, CEH
> [EMAIL PROTECTED]
> "Great spirits have often encountered violent opposition from weak
> minds."
>      --Einstein
>
>
> On Aug 15, 2007, at 11:20 AM, Ajas Mohammed wrote:
>
> > Hi,
> >     In our web application we have user login feature but no SSO
> > (single sign on). Before someone starts saying bad practice and all
> > that, I would like to clarify that this was built a long time back
> > and we are thinking of adding it to our application.
> >
> > Any guidance on this would be appreciated. We are CF7, IIS, SQL
> > Server 2000 shop. Let me know if you need further information. Any
> > good links or information would help.
> >
> > Thanks,
> >
> > --
> > <Ajas Mohammed />
> > http://ajashadi.blogspot.com
> > No matter what, find a way. Because thats what winners do.
> > You can't improve what you don't measure.
> > -------------------------------------------------------------
> > Annual Sponsor - Figleaf Software
> >
> > To unsubscribe from this list, manage your profile @
> > http://www.acfug.org?fa=login.edituserform
> >
> > For more info, see http://www.acfug.org/mailinglists
> > Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> > List hosted by FusionLink
> > -------------------------------------------------------------
>
>
>
> -------------------------------------------------------------
> Annual Sponsor FigLeaf Software - http://www.figleaf.com
>
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------
>
>
>
>
>
>
> --
> <Ajas Mohammed />
> http://ajashadi.blogspot.com
> No matter what, find a way. Because thats what winners do.
> You can't improve what you don't measure.



--
<Ajas Mohammed />
http://ajashadi.blogspot.com
No matter what, find a way. Because thats what winners do.
You can't improve what you don't measure.