perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Cholet <>
Subject Re: [Newbie Q] Cleanest way to implement one logon per user?
Date Fri, 02 Aug 2002 08:44:37 GMT
--On Thursday, August 01, 2002 15:08:40 -0400 Baljit Sethi 
<> wrote:

> Hello.
> I am hoping someone can point me in the right direction.
> What I want to do is limit client logons to one logon per username ie
> while a client has a session open, he/she cannot logon to the website
> from another terminal.
> Platform: Apache 1.3.x with mod_perl & DBI
> I have looked high and low, gone through Apache book after book with no
> measurable success (mod_usertrack & mod_session are the only modules
> briefly mentioned).
> If someone could just point me in the right direction, I will gladly do
> all the required research.

Someone recently suggested to me the following solution, based on slightly
modified sessions. It involves sending a cookie that contains a new ID with
each response. The server stores that ID keyed on the user's login name.
The next request from the client is expected to return that
cookie. If the ID doesn't match, redirect the user to the login page.
If one client is using the site, he will login once and thereafter can use
the site normally. If a second client comes in, after his initial login
he will get a cookie with a new ID. This will make the first client's ID
invalid. If both clients continue to issue requests they will keep on
invalidating each other's ID thus forcing repeated logins. In a case
where the contract explicitely disallows concurrent access with a given
login name, the rightful client will probably complain and be a bit more
weary of giving away his password to his friends or coworkers.
An advantage to this system is that it doesn't require logout or timing
out the session.

Disclaimer: I have not implemented this system, and it's possibly that it
has flaws that surely this list readers will be quick to point out, and
I'll be grateful for that.

Eric Cholet

View raw message