How do people prevent the same user from logging into an application with the
same userid from multiple machines? We have users who are sharing their IDs
which is causing application failures with the concurrent sessions.
~|
You can go through all an applications current sessions using the
SessionTracker class, but I've found this to be very slow.
Instead I switched to keeping a list of logged in users in the
application scope. Users get pushed into here when they login, and
removed from here when they click
How do people prevent the same user from logging into an application
with the same userid from multiple machines? We have users who are
sharing their IDs which is causing application failures with the
concurrent sessions.
There's an undocumented function you can use to check for existing
I discourage people from using the SessionTracker class to do anything
other than a simple count of active sessions. Access to a specific
session via the SessionTracker class updates the last access time of
that session, which interfers with sessions reaching their expiration
time. The method you
I discourage people from using the SessionTracker class to do anything
other than a simple count of active sessions. Access to a specific
session via the SessionTracker class updates the last access time of
that session, which interfers with sessions reaching their expiration
time.
I had thought
It ends when the timeout is reached or when the browser window is closed,
depending on
how you have things set up. If you clear session variables upon logout, the
session is still running, but it is empty.
A point of clarification, the session ONLY ends when the timeout is reached, or
the CF
I was thinking of J2EE session when I wrote that, but you are correct
that I should have been clearer, especially when it comes to the
OnSessionEnd code. Thanks for making the clarification, because it is
an important concept. I was thinking along the lines of the unique ID
used to track sessions,
7 matches
Mail list logo