Sinatra / Warden / Ruby - How can I guarantee that my users can only log in with a single session?

This is a site requirement that I create so that users can register with only one session at a time. If a user tries to enter the site from another browser or computer while logging in, their attempt to log in should be rejected.

I considered the possibility of marking a user object in the database as logged in, but this seems fragile to me, because if the user does not actually log out, the flag is saved and the user receives an unfair rejection. To deal with this, I have to run some kind of cleanup task regularly to ensure that these flags get reset, and this can lead to all sorts of other issues.

I use both Sinatra as the main structure and Warden as the authentication manager. Is there a “best practice” strategy for this kind of requirement?

+4
2 answers

This is really not an authentication problem, but "how do I handle what happens when an authenticated user tries to log in when they are already logged in" - so you need to answer this question first. What do you want to do if someone is already logged in? What is the priority of the new session? That is, delete the older session by the same user?

0
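The two policies raised in the answer above (refuse the new login, or evict the older session), combined with an expiring lease so that a user who never logs out is not locked out and no cleanup task is needed, as an added example that is not part of the original posts. The class and method names are hypothetical; in a Warden app the calls would be wired into callbacks such as `Warden::Manager.after_authentication` and `Warden::Manager.before_logout` (wiring not shown, and an assumption here).

```ruby
require 'securerandom'

# Hypothetical in-memory registry (constructed for this example); use a shared store in production.
class SingleSessionRegistry
  Lease = Struct.new(:session_id, :expires_at)

  # policy :reject_new refuses a second login; :replace_old evicts the first.
  def initialize(ttl: 900, policy: :reject_new, clock: -> { Time.now.to_f })
    @ttl, @policy, @clock = ttl, policy, clock
    @leases, @lock = {}, Mutex.new
  end

  # After credentials verify: returns a new session id, or nil when refused.
  def login(user_id)
    @lock.synchronize do
      return nil if live_lease(user_id) && @policy == :reject_new
      sid = SecureRandom.hex(16)
      @leases[user_id] = Lease.new(sid, @clock.call + @ttl)
      sid
    end
  end

  # On each authenticated request: renews the lease; false means the session
  # expired or was replaced and should be logged out.
  def touch(user_id, session_id)
    @lock.synchronize do
      lease = live_lease(user_id)
      return false unless lease && lease.session_id == session_id
      lease.expires_at = @clock.call + @ttl
      true
    end
  end

  # Explicit logout frees the slot at once.
  def logout(user_id, session_id)
    @lock.synchronize do
      @leases.delete(user_id) if @leases[user_id]&.session_id == session_id
    end
  end

  private
  # Expired leases are dropped lazily here, so no cleanup task is required.
  def live_lease(user_id)
    lease = @leases[user_id]
    return lease if lease && lease.expires_at > @clock.call
    @leases.delete(user_id)
    nil
  end
end
```

The session id returned by `login` would be stored in the user's cookie session and passed to `touch` on each request; the `ttl` bounds how long an abandoned session can block a new login under `:reject_new`.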

