is it possible to prevent multiple connections to the same Xojo 1.0 webapp, in the same client, or at least in the same browser?
thank you.
Maybe check the client IP? Using cookies to check if the browser has already a connection.
I have a system that does this in my web 2.0 app, but it should be possible to do similar thing in web 1.0.
- First, you have to have some sort of login / authentication system.
- My system uses usersnames & passwords, and then sets a cookie when the user has authenticated, so if they reload the page they are automaticallly logged in. The username is stored in the Session object.
- At this point, preventing more than one active login is easy: in Session.Opening, you simply iterate through all the active sessions in the app, and if you find more than one session for the current user, you can either (a) block this login or (b) allow this login and kill the prior session.
- so the user knows why this is happening, you should put up a dialog or set Sesssion.DisconnectMessage, e.g. “You have been disconnected because you logged in with another device or browser tab. You can only be logged in once.”
1 Like
IP may not be a good idea, since so many people are behind CGNAT these days and will have the same IP.
thanks for the suggestions.
Mike, if I wanted at most one session per browser (regardless of logged user), do you think a unique cookie would be enough?
So, if Session.Cookies.Count > 0, I would prevent further logins for anyone.
Be aware that cookies cross tabs so if a user has multiple tabs open to your web application you will need to account for that.
That might work; you’ll have to think about a way to clear the cookies, so that users don’t get locked out.
Also, beware the cookie monster:
In Web2 there is a bug with trying to set multiple cookies - it’s been fixed (but not yet released). I don’t know if this bug exists in Web 1 or not.
See <https://xojo.com/issue/66772>