In the user voting topic some people brought up that if you use an IP address to track or attach behavior you could be blocking users using Proxy servers specifically AOL users. I was planning on tracking IP addresses to see when a user tried to login twice from different machines. What else could I do to prevent a user logging in from two different locations simultaneously? I want to prevent users sharing logins while using my service. It''s pretty important to be able to block this. Charlie -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Charlie Hubbard wrote:> In the user voting topic some people brought up that if you use an IP > address to track or attach behavior you could be blocking users using > Proxy servers specifically AOL users. I was planning on tracking IP > addresses to see when a user tried to login twice from different > machines. What else could I do to prevent a user logging in from two > different locations simultaneously? > > I want to prevent users sharing logins while using my service. It''s > pretty important to be able to block this. > > CharlieI''ve achieved the same thing by using the session table with a user_id. When the user logs in, I look for and delete any other sessions with that user id. Then I attach the user id to the current session record. Each time a user tries to access a page I check that their session still exists. If its been deleted I give them a message telling them that they have logged in elsewhere and that this session has been terminated. --john http://www.webtestlive.com -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Charlie Hubbard
2006-Aug-31 22:58 UTC
Re: Preventing simultaneous logins (was Users voting)
So I assume you''re storing your session objects into the database instead of the file system?> I''ve achieved the same thing by using the session table with a user_id. > > When the user logs in, I look for and delete any other sessions with > that user id. Then I attach the user id to the current session record. > > Each time a user tries to access a page I check that their session still > exists. If its been deleted I give them a message telling them that > they have logged in elsewhere and that this session has been terminated. > > --john > http://www.webtestlive.com-- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
njmacinnes-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2006-Sep-01 00:17 UTC
Re: Preventing simultaneous logins (was Users voting)
isn''t that the normal way of doing it!? On 31/08/06, Charlie Hubbard <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > So I assume you''re storing your session objects into the database > instead of the file system? > > > I''ve achieved the same thing by using the session table with a user_id. > > > > When the user logs in, I look for and delete any other sessions with > > that user id. Then I attach the user id to the current session record. > > > > Each time a user tries to access a page I check that their session still > > exists. If its been deleted I give them a message telling them that > > they have logged in elsewhere and that this session has been terminated. > > > > --john > > http://www.webtestlive.com > > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---