On 13.02.2008, at 14:24, Daniel Brajkovic wrote:
However, after doing so I run my app, and it goes straight to main and creates a session.
You'll need to get rid of everything on that page that creates a session (WOTextField, WOPasswordField probably) and replace it with the standard html tags, bind the form (can be a WOForm) action to a a direct action, use a standard html submit button to submit, handle your login in the direct action that was called.
In the direct action create a session or check with "existingSession()", whether there is already one (from a previous login attempt perhaps).
On the WebObjects Wiki/confluence, it is stated that people typing in URLs with your components could cause problems. So how do I keep people from doing so?
Where's the link to that?
If I have a user/passwords login app, how do I keep people from using a common username and password simultaneously on different computers? There will be multiple application instances, on several servers.
Keep track of logged-in users in a database table. But that might cause trouble when people don't log out properly. Be aware of that! Delete the row in "session.terminate()". Also delete all entries for the specific instance on instance startup so this gets cleaned up completely.
When someone with the same username comes along, I ask them before logging them in that there is a session with this user name and whether they want to abort that other session. On every request is a check whether the session with id xy is "aborted" and if yes I redirect to a message page that this session was aborted by someone logging in with the same username / password.
Also I showed that user that he didn't log out properly if that was the case.
cug -- Real-World WebObjects class at the Big Nerd Ranch March 2008, Frankfurt, Germany http://www.bignerdranch.com/classes/webobjects.shtml _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
