I am building a web application using beaker sessions integrated with a "home grown" database auth mechanism. Currently, when a user logs in, all I do is validate their login credentials against info in the DB, and if valid, put some basic information in their beaker session that identifies who they are and what permissions they have on the system.
My client's business model is based on the number of login ids purchased and they would therefore like to limit the possibility of multiple users sharing a single login. I would like advice on how to go about doing this. 1) When a user tries to login to the site, once their credentials have been verified, how do I see if a session for that login is already active? 2) I would like to give a given user the option of killing any other open sessions for their login, so that if they switch computers, they can continue working without waiting for the other session to timeout. How can I force other sessions to expire? One other thing: I would like, if possible, to not have to hit the db for every request just to see if I need to logout the current user. Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
