On Wednesday, March 7, 2018 at 1:02:56 AM UTC-5, Massimo Di Pierro wrote:
> it is possible. 
> when a user first logs in, store a uuid in the session and write it in the 
> database (in a new custom field in the auth_user table). When a request 
> arrives if the uuid in the session does not match the uuid in the database 
> call auth.logout()

Be aware, that will require a database select on every request. If you want 
to minimize the database hits, you could also store in the session the time 
of the last database lookup, and then only check the database every X 
minutes (the tradeoff being that it could take up to X minutes to disable 
the first session after the second session has begun -- if you must ensure 
zero overlap of sessions, then you'll have to do the database check on 
every request).


- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to