Hi.

 

I have a fairly robust user class that I use to maintain user state throughout my applications.  The problem that I'm having is that if the same user logs in twice, from different machines, the database records are overwritten and thus the original user's state becomes corrupt.  Take this for example:

 

I log in once and walk away from my machine.  The application is set to keep the user logged in for 30 minutes.  A second person logs into the system with the same login details and the user's last active data is updated.  The first user comes back to the system after 3 hours and the class checks the database to see when the user's last activity was.  It picks up the last activity from the second user and thus keeps the first user logged in.  This is not good!

 

Can anyone suggest how I can get round this problem?  I thought of maybe creating abstract user instances and storing them in a separate database table.  The user instances can then be deleted at the end of the session and each user instance would be specific to that user's session.

 

Is that necessarily the best way to do it though?

Save the session ID to the database as well as the last activity timestamp. When user 1 comes back to their computer and tries to do something, the system will first check if the session ID matches. Since it doesn't, user 1 will be told they have been logged out on another PC.

 

Of course you would not be able to have two people logged in using the same account at the same time, but that's probably what you want.

You can't have your script magically know who is logging in and out at which time if they are using the same credentials.  That's the point in having separate accounts.    You can shorten your timeout to require re-login to like 5 min or something but even then that's flawed because that's still 5 unaccounted minutes.  IOW the correct solution would be to have unique credentials for everybody.

My company is in the middle of a SaaS application with a similar situation, multiple users can log in on different machines with the same credentials. The solution, for us, is to save a file to the user's PC that is used to help track that PC's session.

 

Although I agree with CV that you should only allow one person to log in at a time with a set of credentials, it is not always up to development to decide these things. My suggestion would be to save a different record for each user login/session ID.

 

Then when checking a user's active status, check to see if there is a record for their session ID. If so, then check to see last activity for that particular session. Of course, you will need to clean up records where the last activity is past the allotted time.
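
The per-session-record approach from the reply above, as an added example that is not part of the original thread. Python with SQLite is an assumption (the thread names no language or database), as are the table name, function names and the constructed timestamps used to replay the scenario from the first post.

```python
import secrets
import sqlite3

TIMEOUT = 30 * 60  # idle timeout in seconds (the 30 minutes from the thread)

def open_store():
    # Hypothetical schema: one row per login session, not one row per user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_sessions ("
               " session_id TEXT PRIMARY KEY,"
               " user_id INTEGER NOT NULL,"
               " last_activity INTEGER NOT NULL)")
    return db

def login(db, user_id, now):
    """Insert a new row for every login; other sessions' rows are untouched."""
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    db.execute("INSERT INTO user_sessions VALUES (?, ?, ?)", (sid, user_id, now))
    return sid

def check_active(db, sid, now):
    """Return the user_id if THIS session is still live, else None."""
    row = db.execute("SELECT user_id, last_activity FROM user_sessions"
                     " WHERE session_id = ?", (sid,)).fetchone()
    if row is None:
        return None  # unknown or already cleaned-up session
    user_id, last = row
    if now - last > TIMEOUT:
        # Idle too long: drop the row so the ID cannot be reused later.
        db.execute("DELETE FROM user_sessions WHERE session_id = ?", (sid,))
        return None
    # Only this session's timestamp moves forward.
    db.execute("UPDATE user_sessions SET last_activity = ?"
               " WHERE session_id = ?", (now, sid))
    return user_id

def purge_expired(db, now):
    """Periodic clean-up of rows past the allotted time; returns rows removed."""
    cur = db.execute("DELETE FROM user_sessions WHERE last_activity < ?",
                     (now - TIMEOUT,))
    return cur.rowcount

def replay_thread_scenario():
    """Constructed timeline: same account, two machines, first returns at 3 h."""
    db = open_store()
    first = login(db, 42, now=0)         # user logs in, walks away
    second = login(db, 42, now=10_000)   # second person, same credentials
    return check_active(db, first, now=10_800), check_active(db, second, now=10_800)
```
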

 
