instead of storing a user id store a uuid that is generated on login, and resolve the uuid back to user.
every time the user logs in you invalidate all other uuids they have and generate a new one. -igor On Fri, Mar 6, 2009 at 2:34 AM, Martin Bednář <[email protected]> wrote: > Hello, > > In our application I must guarantee that user is logged only once to the > application. > I have the following problem. > > 1,User logged to aplication, create session1 > 2,User browser crased, but session1 is still alive for next 30minutes > (session expiration time is 30minutes). > 3,User open new browser and login to application (session2 is created). > > And in point 3 I need close session1 before I log user in. > > I hold userId in user session, but I don't know how to iterate over all > sessions and check if another session for same user is here. > > Any advice ? > > Thx Martin > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
