I have an app that loggs in by checking a registration id. When logging in i want to check if any other sessions are using the same registration id. If so it will shut the other session down. I have tried several different methods that worked in the past but no longer work now. Anybody have some code on this that can help guide in in the correct direction? Thanks!
I would probably track it in the database rather than relying on properties in an instance of a Xojo Web App. Have a lastAction field in your user table along with some information to determine if it’s the same individual. Typically, I think these types of user tracking systems rely on checking a datetime value for last action with a set tolerance. For instance, if your user’s last action was 1.3 seconds ago from a different session, you probably have two concurrent connections on one user account. If it was 2.5 hours ago that is less likely.
You could also have a currentSession field that contains the last logged in session identifier which your app checks periodically and disconnects any non-matching sessions.
It’s an interesting problem with no shortage of potential solutions.
The database idea will work with multiple instances of a web app. If there is only ever going to be one web app instance could you not add an array property to the App object and use that as an app-wide location?
I could do that and keep track of the session identifier and the registration id in parallel arrays. That will work. Im just looking for a way to iterate through each session and look directly at each session property for the registration id and then shut that session down if it is the same registration id was already logged in.
In 2020r1 there is an App.Sessions method. http://documentation.xojo.com/api/web/webapplication.html#webapplication-sessions Maybe try this if you are writing a Web 2 app.
Otherwise you might try app.SessionAtIndex in 2019r3.2 http://documentation.xojo.com/api/web/webapplication.html#webapplication-sessionatIndex
I added this as the way to interate through the web sessions. But how do do I actually look at my session property Session.RegistrationDBID?
I guess you could hash a userID and set it as a cookie or hashtag when they start. However I imagine making an array property on the app object is probably better than using the session object. It could be an array of dictionaries or your own user objects of course.
If you added RegistrationDBID to the session object is it not in the list when you type “session.” and press the tab key?
No. But it did work anyways. With the SessionAt code.
For i As Integer = 0 To App.SessionCount - 1 If app.SessionAt(i).RegUserRegistrationDBID = rs.Column("dbID").IntegerValue Then bUserAlreadyLoggedIn = True End If Next
OK you did it in one line without assigning the returned session to a session variable. That’s great.
But now I’m wondering, if you don’t set it up in session.cookies (maybe with a timestamp too), how do you know if the user hasn’t switched devices and now they can’t log in?
My purpose here is to stop multiple devices or having multiples instances of a user being logged in. Im working on financial software and writing to the database many times. I want to ensure that If the user is logging in then it is forcing all other instances to shut down so they cant have two open sessions and write to the database.
Could you be more specific as to what didn’t work?
I’ve got it working now with the code above. The only thing that didn’t work was the auto complete list didn’t pull up my session properties. No big deal as long as it works.