New Posts New Posts RSS Feed: How To: LoginManager enable single session per login
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

How To: LoginManager enable single session per login

 Post Reply Post Reply
Author
Chrizy View Drop Down
Newbie
Newbie
Avatar

Joined: 10-Jan-2012
Posts: 10
Post Options Post Options   Quote Chrizy Quote  Post ReplyReply Direct Link To This Post Topic: How To: LoginManager enable single session per login
    Posted: 21-Feb-2012 at 7:02am

Hi,

Please can you advise on how best to solve the following requirement?

I have created a custom LoginManager which is validating the users credentials against my database, I need to restrict access to only one session per user (Users are paying on a per user license). The way I think this should work is ideally to warn the user they are already logged in, offer a continue/exit option and if they continue logout the initial instance.

Thanks

Chris

Back to Top
kimj View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 1390
Post Options Post Options   Quote kimj Quote  Post ReplyReply Direct Link To This Post Posted: 21-Feb-2012 at 12:36pm
Hi Chris,
 
DevForce itself doesn't provide this, but you should be able to do what you need within your custom IEntityLoginManager.   An instance of your login manager is constructed by an EntityServer when it starts, so you can keep your own state for the lifetime of the EntityServer.   Since a login manager implements both Login and Logout methods you can add and remove the user from your own list or dictionary, and check this to restrict access.  The only real way to fail a login is to throw a LoginException (or a custom sub-type of it), but what you throw in your login manager will flow back to your client application.
Back to Top
katit View Drop Down
Senior Member
Senior Member


Joined: 09-Sep-2011
Posts: 144
Post Options Post Options   Quote katit Quote  Post ReplyReply Direct Link To This Post Posted: 21-Feb-2012 at 1:07pm
If we talk Silverlight - I don't think users will ever "logout". They will close browser most likely.
 
Back to Top
kimj View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 1390
Post Options Post Options   Quote kimj Quote  Post ReplyReply Direct Link To This Post Posted: 21-Feb-2012 at 1:18pm
OK.  Well, you can hook into the window OnBeforeUnload event and call Logout there.  Unfortunately, it's not really clear whether requests to the server will always make it through.   A timer would help, but then you'll also need to track user activity so that you know when a session has gone stale. 
 
Back to Top
katit View Drop Down
Senior Member
Senior Member


Joined: 09-Sep-2011
Posts: 144
Post Options Post Options   Quote katit Quote  Post ReplyReply Direct Link To This Post Posted: 23-Feb-2012 at 9:38am
I've seen that before and I think one of the best ways to handle this stuff (I'm about to do it myself) it to keep some kind of token on a server and remove it when same user logs in. That will kick out previous user - this can be done with push notifications to OTHER users.
It will work like so:
 
Person1 logs in as "User1" and writes tag "Person1:User1"
 
Person 2 comes along and logs in as "User1" - while logging in - it will detect that Person1:User1 already logged in and will kick him out by sending push notification. Person1 in fact may be out already, but if not - he will get notification that someone with same login just connected and he is being pushed out.
 
This kind of stuff will be obvious for users and they will buy licenses if that is a main point :)
 
 
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down