I use restful_authentication plugin in rails 2.3.5. application.
In this application, I want to permit to login with a single session for a single account at the same time.
In other words, I don’t want the users to login with single account using several computers.
Does the restful_authentication plugin support this function?
If not, how can I realize this function?
Please give me some advise.
Thank you very much in advance.
I use restful_authentication plugin in rails 2.3.5. application. In this application, I want to
Share
Out of the box, no. You could track the session ID in a table with the user ID and then check that the same session ID is being used. However, this is clunky and you’re going to cause problems for the user when he forgets to log out. You’ll need to implement some kind of timeout for the sessions as well, so that you don’t end up with sessions locking a user out forever.
The alternative would be to switch to
authlogic. It also does not support this out of the box, but it should be easier to implement. One likely solution has been posted here. I haven’t tested what was written there, but the approach looks a lot like what I would attempt to do in this situation.Having used both
restful_authenticationandauthlogicin many apps,authlogicwins hands-down. There’s also Devise, which many people have had success with. (I’m not one of them, but maybe my needs didn’t align with what this gem was offering.) You should definitely explore Devise and authlogic before hacking something into your existing setup, because the more modular designs of the newer gems should yield cleaner code when it’s over.Also: Update your Rails to the latest 2.3.*. There have been many security fixes since 2.3.5.