All,

Let me clarify a little - since a lot of answers seemed to focus on "MachineA vs MachineB". What I need is "only one valid session from UserA at a given point" - so two sessions - one from Chrome and the other from Firefox - both from MachineA - should be disallowed. (Not sure if it makes the problem easy or difficult.)
*Theoretically* I am thinking the following: in pre-login (if I can intercept the login attempt) - put in code that checks whether the user who is trying to log in has already logged in (and not logged out yet). If yes, do not allow the login (or somehow forcibly invalidate the "other" session - and allow "this" login attempt to go through).

*But I am not sure how this maps to web2py flow/hooks etc*. So pointers with specifics above would help.

Thanks,
-Mandar

On Tue, Oct 14, 2014 at 11:31 PM, Mandar Vaze <mandarv...@gmail.com> wrote:

> This is related to a possible security issue. I've written "privately" to
> Massimo and Anthony (in another email on this list - they suggested that
> security issues not be discussed "publicly" on this list)
>
> Let's say UserA logs in successfully from MachineA
> now without logging out from MachineA - UserA logs in from MachineB
>
> Is it possible to either:
> not allow login from MachineB (show a message that "You are currently logged
> in from MachineA - continue to access the application from MachineA, or
> logout from MachineA"... or some such message.)
> OR
> allow login from MachineB - but forcefully log out UserA from MachineA
> (since login from MachineB was later)
>
> Either case - UserA is logged in only once from any machine/browser
>
> I prefer the second option - because the (legitimate) reason why UserA is
> logging in from MachineB is because s/he doesn't have access to MachineA
> (at this point)
>
> -Mandar
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "web2py-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/web2py/Z3gjaLzM65E/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
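
The check described in the message above, as an added sketch that is not part of the original post and is not web2py code: one server-side record per user holds the only valid session token, with both policies from the thread (deny the second login, or replace the older session). The class and method names are hypothetical, the store is an in-memory dict, and the idle timeout is an assumption added so that the "deny" policy does not lock out a user who closed the browser without logging out.

```python
import secrets
import time


class AlreadyLoggedIn(Exception):
    """Raised under the 'deny' policy when the user still has a live session."""


class SingleSessionRegistry:
    """Keeps at most one valid session token per user (hypothetical helper)."""

    def __init__(self, policy="replace", idle_timeout=1800, clock=time.time):
        if policy not in ("replace", "deny"):
            raise ValueError("policy must be 'replace' or 'deny'")
        self.policy = policy
        self.idle_timeout = idle_timeout  # seconds without a request
        self.clock = clock
        self._active = {}  # user_id -> (token, last_seen)

    def _live_token(self, user_id):
        entry = self._active.get(user_id)
        if entry is None:
            return None
        token, last_seen = entry
        if self.clock() - last_seen > self.idle_timeout:
            del self._active[user_id]  # stale: never logged out explicitly
            return None
        return token

    def login(self, user_id):
        """Call after credentials are verified; returns the new session token."""
        if self.policy == "deny" and self._live_token(user_id) is not None:
            raise AlreadyLoggedIn(user_id)
        token = secrets.token_urlsafe(32)
        self._active[user_id] = (token, self.clock())  # drops any older token
        return token

    def is_valid(self, user_id, token):
        """Call on every request; False means this browser must log in again."""
        live = self._live_token(user_id)
        if live is None or not secrets.compare_digest(live.encode(), token.encode()):
            return False
        self._active[user_id] = (live, self.clock())  # refresh idle timer
        return True

    def logout(self, user_id, token):
        """Only the holder of the current token can end the session."""
        if self.is_valid(user_id, token):
            del self._active[user_id]
```

The per-request `is_valid` check is what makes the older browser's session stop working under the "replace" policy; the login-time check alone cannot reach a session that already exists.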