Could be very expensive to loop through every existing session for every login process, don't you think? But that depends on your expectations.
I guess the other way around seems to be the much more useful way: storing the session_id to the userprofile in database. Saving the sessions themselves in the database (e.g. with sfPDOSessionStorage) you are able to establish relations between those two tables and adding a foreign key constraint like onDelete SET NULL you can make use of the session garbage collector of php to get your data cleaned up without any additional effort. Anyway, if your concerne is about point "4. He forgot to logout", garbage collection will hopefully destroy the session for you. Maybe we try to identify what your exact need is, before we propose solutions for some problems that should be seen from a different angle? On 28 Jan., 17:31, "yth" <[email protected]> wrote: > Dear ken, > > Is this possible to avoid modifiying the database schema? > I am not using sfGuardUserPlugin but I am thinking like this: > > 1. Somebody logins > 2. His login id (member id) and password are first checked and they are > correct > 3. An attribute member_id is set to his member id in the session > 4. He forgot to logout and later logins in another computer or same computer > but different browser > 5. His login id (member id) and password are first checked and they are > correct > 6. Scan for all sessions and check if there is one having member_id > attribute set to his member id > 7. If there is one, kill that old session > 8. A session attribute member_id is set to his member id in the new session > > Is this solution feasible? But I don't know how to do steps 6-7. > > ----- Original Message ----- > From: "ken" <[email protected]> > To: "symfony users" <[email protected]> > Sent: Thursday, January 28, 2010 11:15 PM > Subject: [symfony-users] Re: Making sure a login id only has one session at > > any moment > > The best solution for this is use database session. Add session_id > column in the Profile table. This field has to be set during login. So > if you are using sfGuardUserPlugin, you can override the signIn method > in myUser. With the session_id at hand you will be able to check if > user is signed in in another machine via the Session table. > > You will also need to take account of the remote host. > > On Jan 28, 10:15 pm, DEEPAK BHATIA <[email protected]> wrote: > > I think you can set a field in database setting login status to true. > > Now if the person again logs in and you find from database, you can > > take him to the logout screen/error screen. > > > On Thu, Jan 28, 2010 at 7:27 PM, Tom Ptacnik <[email protected]> wrote: > > > Why do you want to kill his old session? > > > > On 28 led, 04:21, "yth" <[email protected]> wrote: > > >> Dear all, > > > >> When a user logins, the controller calls the following function in the > > >> myUser.class. The problem is, if he doesn't logout but then logins in > > >> another computer/browser, the old session does not get killed. I tried > > >> to > > >> use setAuthenticated(false) on users who have already authenticated, > > >> hoping > > >> that his old session will get killed before he gets a new one. But it > > >> doesn't work. > > > >> Many thanks to you all. > > > >> // Viewable inhttp://pastebin.com/f765fff66 > > > >> public function login($loginId,$pwd){ > > > >> $member=MemberPeer::getByLoginIdAndPassword($loginId,$pwd); > > > >> if(!is_null($member)) { > > > >> if($this->isAuthenticated()) > > >> $this->setAuthenticated(false); // I would like to > > >> logout the user if he/she already has a session, but it doesn't work > > > >> $this->setAuthenticated(true); > > >> $member->setLastLoginAt(time()); > > >> $member->save(); > > >> $this->setAttribute('member_id', $member->getMemberId()); > > > >> return true; > > >> } > > >> return false; > > > >> } > > > > -- > > > You received this message because you are subscribed to the Google > > > Groups "symfony users" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/symfony-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "symfony users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/symfony-users?hl=en. > > __________ NOD32 4813 (20100128) Information __________ > > This message was checked by NOD32 antivirus system.http://www.eset.com > > -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
