> The main purpose for this would be to track login collisions > and make sure users aren't sharing log in info. > > If a user has a high number of collisions we can assume they > are sharing their credentials and take the appropriate > actions.
There are plenty of legitimate reasons for login collisions: I might be using the site from my desktop machine, walk into the conference room to give a demo of your website on the company laptop, and then walk out the door to a customer site where I access the site from my handheld mobile device. My computer may die (had 4 XP boxes push up daisies this past week in some fashion or another thanks to hardware failure or driver issues, out of ~50 I oversee) before I can log out and I need to use another machine. A user may flip back and forth between browsers which won't share session information. Things may compound if you offer an API -- multiple scripts may run that use the same login (my company has a handful of scripts that all access salesforce.com's API and can collide) So rather than pissing off users by *preventing* it, simply log hinky transactions and if you suspect they are violating your Terms of Service, fall back on your contractual agreement's audit-the-customer clause (if you're so fascistly controlling your users, you do have one, right?). I'm sure they'll love an audit because it's great for customer relations. -tkc --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
