From: "Christoph Wick"
Subject: Re: [WO-DEV] Question about (not allowing) multiple simultaneous logins
Date: Wed, 3 Feb 2021 15:38:00 +0100
To: WebObjects & WOnder Development

I once had a similar requirement. I came pretty far by

1. implementing a lock in the database
2. making sure to remove the lock during logout
3. overriding Session's terminate() method, e.g.

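import er.extensions.appserver.ERXSession;

public class Session extends ERXSession {
    // …
    @Override
    public void terminate() {
        if (!isTerminating()) {
            // database and currentUser are not defined in the post; they stand for
            // the application's lock store and the logged-in user.
            database.removeLockFor(currentUser);
            super.terminate();
        }
    }
    // …
}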

> On 3. Feb 2021, at 15:15, Jesse Tayler <webobjects-dev@wocommunity.org> wrote:
>
> That’s an unusual request so without understanding why someone would require such a thing, the basic implementation is going to have the same properties...
>
> You’ll need a toggle in your central store (database) for that user. This toggle must reliably know if there is a session open, and this you’d likely toggle in session awake and asleep when you have an authenticated user.
>
> Of course, you’ll run into the possibility that your session is stuck, lost to the user (like, if you left a session open on your phone and have no idea, you’d get locked out which in most cases is a critical failure of your service!) or otherwise you ever lose track of that “off” part then your user would be locked out indefinitely and so on.
>
> I think to understand how to approach that, you’d need serious details around the definition and purpose of the requirements because on the face of it, that’s just an idea that has serious consequences and it’s hard to imagine a value to balance that weight.



>> On Feb 3, 2021, at 9:05 AM, Leigh Kivenko <webobjects-dev@wocommunity.org> wrote:
>>
>> Hello,
>> Our application is currently built with WebObjects/WOLips and in some capacity, Wonder.
>>
>> We are being asked to not permit multiple simultaneous logins for the same user (i.e., on different computers or using different browsers on the same computer).
>>
>> Has anyone ever implemented something like this? Is there something that WebObjects provides out of the box or do we really need to build our own custom implementation?
>>
>> Thanks,
>>
>> Leigh Kivenko | Chief Technology Officer
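An added example, not code from the thread: a sketch of the per-user lock discussed above, extended with a lease expiry so a stuck or forgotten session cannot lock the user out indefinitely, and an owner check so a late terminate() from an old session cannot remove a newer session's lock. The class and method names, the in-memory map standing in for the database table, the user and session ids, and the 30-minute lease are all assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

/** In-memory stand-in for the per-user lock table (hypothetical; a real one lives in the database). */
public class SingleSessionLocks {
    private record Lock(String sessionId, Instant expires) {}

    private final ConcurrentHashMap<String, Lock> locks = new ConcurrentHashMap<>();
    private final Duration lease;

    public SingleSessionLocks(Duration lease) { this.lease = lease; }

    /** Call at login and on every request; true if this session holds (or now takes) the lock. */
    public boolean acquireOrRenew(String user, String sessionId, Instant now) {
        Lock result = locks.compute(user, (u, held) -> {
            // A missing or expired lease is free; the owner may always renew.
            boolean free = held == null || !held.expires().isAfter(now);
            if (free || held.sessionId().equals(sessionId)) {
                return new Lock(sessionId, now.plus(lease));
            }
            return held; // another session holds a live lease: refuse
        });
        return result.sessionId().equals(sessionId);
    }

    /** Call from logout and terminate(); only the owning session may remove the lock. */
    public boolean release(String user, String sessionId) {
        Lock held = locks.get(user);
        return held != null && held.sessionId().equals(sessionId) && locks.remove(user, held);
    }

    public static void main(String[] args) {
        // Constructed scenario: a session left open on a phone, then a login from a laptop.
        SingleSessionLocks store = new SingleSessionLocks(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2021-02-03T14:00:00Z");
        System.out.println("phone login:               "
                + store.acquireOrRenew("alice", "phone", t0));
        System.out.println("laptop while phone active: "
                + store.acquireOrRenew("alice", "laptop", t0.plusSeconds(60)));
        System.out.println("laptop after lease expiry: "
                + store.acquireOrRenew("alice", "laptop", t0.plus(Duration.ofMinutes(31))));
        System.out.println("late terminate from phone: "
                + store.release("alice", "phone"));
        System.out.println("laptop still holds lock:   "
                + store.acquireOrRenew("alice", "laptop", t0.plus(Duration.ofMinutes(32))));
    }
}
```

In a database-backed version the compare-and-set inside acquireOrRenew has to be a single atomic statement or run in one transaction; otherwise two logins racing for the same user can both succeed.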