Preventing duplicate logins using FOSUserBundle

Our application uses Symfony 2.0 and MongoDB with FOSUserBundle to manage users.

The client wants to prevent the simultaneous use of the username from another device in their application.

Our idea is to cancel / delete all other sessions for the same user upon successful login.

The problem is that we cannot save the session to the database because the Mongo Session handler was added later in version 2.1.

The only solution we have come up with is to iterate over the session files stored in the file system and check whether the username is stored in each file. If it is, we simply delete the file, and the login session in other places ends. Of course, we must also verify that we are not deleting the current session.

Does anyone have a better idea of how the problem can be solved? If not, are there hidden traps we should be aware of?

+4
mongodb symfony fosuserbundle
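
The file sweep described in the question, as an added example that is not part of the original post. It assumes PHP's default file session handler (files named `sess_<id>`) and a hypothetical layout in which the login code stores the username under a top-level `username` session key; the function names and sample data are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: default "files" session handler with the "php" serialize format,
// i.e. each file holds key|serialized-value pairs such as username|s:5:"alice";
// A Symfony security token is nested deeper and would need its own extraction.

// Return the username stored in raw session data, or null if there is none.
function sessionUsername($raw)
{
    // Anchor on a key boundary and read the value by its length prefix, so
    // "alice" never matches "alice2" and quotes inside a name do not matter.
    if (!preg_match('/(?:^|[;}])username\|s:(\d+):"/', $raw, $m, PREG_OFFSET_CAPTURE)) {
        return null;
    }
    $start = $m[0][1] + strlen($m[0][0]);
    return substr($raw, $start, (int) $m[1][0]);
}

// Delete every session file of $username except the one with id $currentId.
// Returns the ids of the sessions that were removed.
function purgeOtherSessions($savePath, $username, $currentId)
{
    $removed = array();
    foreach (glob($savePath . '/sess_*') ?: array() as $file) {
        $id = substr(basename($file), strlen('sess_'));
        if ($id === $currentId) {
            continue; // never delete the session that just logged in
        }
        $raw = @file_get_contents($file); // file may vanish (GC, parallel logout)
        if ($raw === false || sessionUsername($raw) !== $username) {
            continue;
        }
        if (@unlink($file)) {
            $removed[] = $id;
        }
    }
    return $removed;
}

// Constructed demo data in a private temporary directory.
$dir = sys_get_temp_dir() . '/sess_demo_' . uniqid();
mkdir($dir, 0700);
file_put_contents("$dir/sess_aaa", 'username|s:5:"alice";');                 // current login
file_put_contents("$dir/sess_bbb", 'locale|s:2:"en";username|s:5:"alice";'); // other device
file_put_contents("$dir/sess_ccc", 'username|s:6:"alice2";');                // different user
print_r(purgeOtherSessions($dir, 'alice', 'aaa'));
array_map('unlink', glob("$dir/sess_*")); // clean up the demo files
rmdir($dir);
```

The sweep reads every session file on each login, so its cost grows with the number of active sessions, and it only sees sessions stored on the same host.
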
1 answer

You can add an IP address column to the user object that saves the user's current IP address when they log in. At each page load (through an event listener), you can check the IP address stored in the database against the IP address of the person requesting the page. If the IP address in the database does not match the current IP address of the user (someone is registered elsewhere), log them out.

To take it a step further, through Ajax, you can make a server call every X seconds that performs the same type of verification, and do a redirect to register the user if the Ajax request returns a bad match.

+4