X-CGP-ClamAV-Result: CLEAN X-VirusScanner: Niversoft's CGPClamav Helper v1.22.2a (ClamAV engine v0.102.2) X-Junk-Score: 0 [] X-KAS-Score: 0 [] From: "OCsite" Received: from smtp-beta-1.zoner.com ([217.198.120.69] verified) by post.selbstdenker.com (CommuniGate Pro SMTP 6.3.3) with ESMTPS id 25356467 for webobjects-dev@wocommunity.org; Wed, 03 Feb 2021 15:36:50 +0100 Received-SPF: none receiver=post.selbstdenker.com; client-ip=217.198.120.69; envelope-from=ocs@ocs.cz Received: from smtp.zoner.com (smtp.zoner.com [217.198.120.6]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp-beta-1.zoner.com (Postfix) with ESMTPS id EB67F1800598 for ; Wed, 3 Feb 2021 15:36:29 +0100 (CET) Received: from macbook-pro.ocsluj (smtp2stechovice.cli-eurosignal.cz [77.240.99.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: ocs@ocs.cz) by smtp.zoner.com (Postfix) with ESMTPSA id B92B8300007D for ; Wed, 3 Feb 2021 15:36:29 +0100 (CET) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: [WO-DEV] Question about (not allowing) multiple simultaneous logins Date: Wed, 3 Feb 2021 15:36:29 +0100 References: To: WebObjects & WOnder Development In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.3608.80.23.2.2) Just a side note: if the application never runs multi-instance, it can = be done both in an easier and less dangerous way simply by checking all = the live sessions upon logging in. Of course, if multi-instance is used = or at least an option, this easy path is closed. All the best, OC > On 3 Feb 2021, at 15:15, Jesse Tayler = wrote: >=20 >=20 > That=E2=80=99s an unusual request so without understanding why someone = would require such a thing, the basic implementation is going to have = the same properties... >=20 > You=E2=80=99ll need a toggle in your central store (database) for that = user. This toggle must reliably know if there is a session open, and = this you=E2=80=99d likely toggle in session awake and asleep when you = have an authenticated user. >=20 > Of course, you=E2=80=99ll run into the possibility that your session = is stuck, lost to the user (like, if you left a session open on your = phone and have no idea, you=E2=80=99d get locked out which in most cases = is a critical failure of your service!) or otherwise you ever lose track = of that =E2=80=9Coff=E2=80=9D part then your user would be locked out = indefinitely and so on. >=20 > I think to understand how to approach that, you=E2=80=99d need serious = details around the definition and purpose of the requirements because on = the face of it, that=E2=80=99s just an idea that has serious = consequences and it=E2=80=99s hard to imagine a value to balance that = weight. >=20 >=20 >=20 >> On Feb 3, 2021, at 9:05 AM, Leigh Kivenko = wrote: >>=20 >> Hello, >> Our application is currently built with WebObjects/WOLips and in some = capacity, Wonder. >>=20 >> We are being asked to not permit multiple simultaneous logins for the = same user (i.e., on different computers or using different browsers on = the same computer). >>=20 >> Has anyone ever implemented something like this? Is there something = that WebObjects provides out of the box or do we really need to build = our own custom implementation? >>=20 >> Thanks, >>=20 >>=20 >>=20 >>=20 >> Leigh Kivenko | Chief Technology Officer >> t. 416-479-0523 | e. leighk@portfolioaid.com >>=20 >> PortfolioAid | website | linkedin | twitter >> 166 Pearl Street, Suite 200, Toronto, ON M5H 1L3 >>=20 >> 2020 WealthTech100 Company | 2020 WP Awards Service Provider of the = Year (finalist) >>=20 >> This e-mail may be privileged and confidential. If you received this = e-mail in error, please do not use, copy, or distribute, but advise me = immediately=20 >> (by return e-mail or otherwise), and delete the e-mail. PortfolioAid = is committed to taking all reasonable measures to safeguard your = confidential client >> information. When sending attachments and/or screenshots to the = PortfolioAid Help Desk or other PortfolioAid personnel, we kindly remind = you to omit, >> redact or securely protect any personally identifiable client = information (e.g. name, address, SIN, date of birth, etc.) >=20 >=20 > ############################################################# > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to = > To switch to the INDEX mode, E-mail to = > Send administrative queries to = >=20