On Tue, Oct 2, 2012 at 9:45 PM, Dennis Lee Bieber <wlfr...@ix.netcom.com>wrote:
> On Tue, 2 Oct 2012 17:23:01 +0100, Tom Evans <tevans...@googlemail.com> > declaimed the following in gmane.comp.python.django.user: > > > > > I did not say that it was not a desired feature, I said that > > *personally* I would not have that expectation; this may be due to me > > fully understanding how such systems work and, as I indicated, a lay > > person may think differently. Other large commercial systems, for > > instance google apps, do not behave in this manner, so I'm not sure > > where the expectation comes from - can anyone name a public facing > > system that invalidates all other sessions on password change? > > > > I'd be more likely to expect any such system to, instead, limit an > account/user to /one/ active session... So the mere act of logging in a > second time should, itself, trigger the shutdown/invalidation of the > earlier session (possibly with a prompt first to give the person a > chance to locate the other session [if it is on the same machine]). > These systems probably also have inactivity time-outs on sessions too. > Sadly that breaks typical usage these days, especially since users will often login from multiple devices (tablets, PCs, phones etc). Some of our clients have chosen to enforce single user login for licensing reasons, i.e. the customer pays more depending on the concurrent user count etc. I'd say the best example of a good integration of this is Facebook... they have many problems, but login/session management definitely isn't one of them (imho). > -- > Wulfraed Dennis Lee Bieber AF6VN > wlfr...@ix.netcom.com HTTP://wlfraed.home.netcom.com/ > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
