Maybe overly simplified, but hey... it works for me: Only on successful login, I am writing the SessionID (response.session_id) in the auth_membership table. On the landing page (index page) I check whether the current response.session_id is equal to the SessionID coming from the DB. If so - all is fine. If not - (the "older" , first) user is politely logged out.
The above works since with each login a NEW response.session_id is created and stored in the DB. The checking is done only on the landing page (which in my app is the most important one, initiating many other functions), so not too many DB hits for the above. The above is not dependent on the user logging out. No IP address is involved (which others have mentioned, suffers from its own issues) It allows only ONE user to be logged in at a time and it logs out the "older" user. Hope it helps NeoToren -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
