Signing in just once

How can I deactivate the function that one user can sign in multiple times, even in the same browser?

I want to block the user, so it just can sign in once and that's it.

Would be thankful for any help.

Store user in a database and set a flag once the User is logged in.

When the user logs out, clear the flag (boolean or so).

Better solution: Log the users’ IP address and prevent multiple logins from the same IP within a certain amount of time. I am using this to detect brute force attacks. Flags are ineffective because they only cause support incidents when an accidentally set or remaining flag is hindering somebody from logging in.

Another solution might be to log the account out when signed in from another location. Though that might require more implementation, it is normal high-security behavior.

You can very well have several users on the same IP, in corporate networks, or cyber cafés.

The only safe way to proceed is to have a login.

I have a productive WebApp with several users, but every user can log in on the same computer in two different windows, tabs or programs, or on two different computers, and I want to disable this, so each user can just log in once at one moment.

If you have a login screen, it should be pretty easy to check if the user is already logged in.

Yeah, I know that, but imagine you have co-workers who forgot their login and use the login of their partner while he is in the application at the same time, but just one person can save then, and I need to avoid that.

Don’t you keep a log of who is logged or not? If you see someone is already logged and wants to log again, seems pretty simple to me to refuse the login.

@Michel Bujardet
I’m sorry to ask simple questions like this one.

I’m just an apprentice here to learn, and I googled and can’t find answers to Xojo options like that.

I’m just trying the solution with the IP address for each user then.

Dante, do your users each have a name and password they enter in the app in order to use it?

[quote=318402:@Derk Jochems]Store user in a database and set a flag once the User is logged in.

When user logs out clear the flag (boolean or so)[/quote]
This would work. Just record the session identifier and use it to clean up the table whenever session.close fires (or use a timer).

There is no reliable way to do this, despite all the suggestions offered. I’ve been through this exercise a few times now with financial institutions and the best you can hope for is, say, an 80% - 90% solution. The problem is that at its core HTTP is a connectionless protocol, so there will be times that the user goes away and the system does not know about it, or even worse thinks the user has gone away when they have not. Either way people will get locked out and will need to be reset. Of course, if the user who got locked out is the super user, then you have some real issues getting a reset without db access.

Why is it so important that you can not login multiple times? Can you not program around the fact that users may be logged into more than one session?

Michel
Yes, they do.
It’s a productive informatics system where everyone can access it only with a login.

It’s important to not log in multiple times, because some co-workers are not that clever.
Sometimes they work on the system, open another, and then open the previous page where they worked in a new window/tab and get mad at us, asking why everything is lost, and this function should be included.

[quote=318847:@Dante Neumann]It’s important to not log in multiple times, because some co-workers are not that clever.
Sometimes they work on the system, open another, and then open the previous page where they worked in a new window/tab and get mad at us, asking why everything is lost, and this function should be included.[/quote]

Sounds like you are trying to solve the wrong problem…

What if you use cookies?

With a Xojo web app, opening anything into a new tab creates a new session. Check the cookie and you’ll know if they’ve already logged in.

This would, of course, work only in one browser app.

Credentials or login states in cookies? And we would talk about long-term stationary ones? Uhm… as a malware author I would create a cookie generator blocking the admins from logging in ;)

Both, on session.close and with a timer. Reduces support tickets (“I cannot login, computer says I am already logged in”). This timer stuff could be done outside of the Xojo app with a cronjob pinging into a database table where sessions and IPs are logged.
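Added example (not from any poster in this thread, and written in Python with sqlite3 rather than Xojo): the session table suggested above, with the session identifier recorded, cleanup on logout, and a staleness timeout so that a missed session.close cannot lock a user out. The table name, the function names and the 90-second timeout are assumptions made for the illustration.

```python
import secrets
import sqlite3

STALE_AFTER = 90.0  # assumed: seconds without a heartbeat before a row counts as dead

def open_registry(path=":memory:"):
    db = sqlite3.connect(path, isolation_level=None)  # autocommit; BEGIN/COMMIT are explicit
    db.execute("CREATE TABLE IF NOT EXISTS active_session ("
               "username TEXT PRIMARY KEY, session_id TEXT NOT NULL, "
               "last_seen REAL NOT NULL)")
    return db

def login(db, username, now, take_over=False):
    """Claim the user's single slot; return a session id, or None if refused."""
    sid = secrets.token_hex(16)
    db.execute("BEGIN IMMEDIATE")  # serialise concurrent logins for the same user
    try:
        # A crashed browser never fires session.close: expire its row here.
        db.execute("DELETE FROM active_session WHERE username=? AND last_seen<?",
                   (username, now - STALE_AFTER))
        if take_over:  # policy "newest login wins": evict the older session
            db.execute("DELETE FROM active_session WHERE username=?", (username,))
        try:
            db.execute("INSERT INTO active_session VALUES (?,?,?)",
                       (username, sid, now))
        except sqlite3.IntegrityError:  # PRIMARY KEY hit: a live session exists
            sid = None
        db.execute("COMMIT")
    except BaseException:
        db.execute("ROLLBACK")
        raise
    return sid

def heartbeat(db, username, sid, now):
    """Refresh last_seen; False means this session was evicted or swept."""
    cur = db.execute("UPDATE active_session SET last_seen=? "
                     "WHERE username=? AND session_id=?", (now, username, sid))
    return cur.rowcount == 1

def logout(db, username, sid):
    # Keyed on the session id, so a late close from an evicted session
    # cannot delete the row of the session that replaced it.
    db.execute("DELETE FROM active_session WHERE username=? AND session_id=?",
               (username, sid))

def sweep(db, now):
    """Timer/cron cleanup of every stale row; returns how many were removed."""
    cur = db.execute("DELETE FROM active_session WHERE last_seen<?",
                     (now - STALE_AFTER,))
    return cur.rowcount
```

Each session would call heartbeat from a periodic timer and sign itself out when it returns False; sweep is the job the external cronjob would run.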

Dear James,

How should I solve the wrong problem if my company said this has to be included?

What should be the right problem in your eyes?

========================================

I’m just asking how I can solve the problem, to sign in just once and not multiple times.

I just want a good working program.

I’ll try that with the database and the cookies;
hopefully one of them is the solution.