Jump to content

User login/logout. I'm doing well?


Roberto Nicchi

Recommended Posts

Hello,

 

in my application each user login using an ID.

i want to have only one session with a specific ID.

In the app's database i have created a LOGIN table where a record is added when an user log into the application.

When the user session is closed the record is of course removed.

The problem is that if the user switch off the PC and keep the browser open it takes time to have the user id available again for application login. Is necessary to wait the session tinmeout (10 minutes).

My solution is to reduce the session timeout to a short time (10 seconds instead of 10 minutes). Then in the main form of the app i have placed a timer that do something every few seconds. In this way there's not a timeout if the application is left untouched for a while.

I'm wondering if this is the right way to go or for some reason i could have problems with solution ?

 

thanks

Roberto

Link to comment
Share on other sites

Hi Roberto,

Recording user  logins in the database and deleting the record when they logout is standard practice. However in order for this strategy to work well you also need to monitor user activity and kill sessions (trigger a logoff event) that are idle for too long. This would include those who have left their browser idling too long as well as those whose PC has gone off-line for whatever reason.

There are several examples in this stream about how other developers monitor and shut down idle sessions.

Just out of interest, what do you do if someone tries to log in with an ID that is already logged in?

Link to comment
Share on other sites

On 9/25/2021 at 3:39 AM, Norm said:

Just out of interest, what do you do if someone tries to log in with an ID that is already logged in?

Hello, this is my way:

When user loged in (Button Click on LoginForm), and all authorization is OK, then clossing all other sessions with selected user ID (Name) 

uniMainModule

public

    sUserName               : String;
 

//my custom procedure

procedure CloseOtherSesionsWithUser (sesionUser : AnsiString);
var
I : Integer;
U : TUniGUISession;
begin
Try
  UniServerModule.SessionManager.Sessions.Lock;
  for I :=UniServerModule.SessionManager.Sessions.SessionList.Count - 1 downto 0 do begin
      TRy
      U := UniServerModule.SessionManager.Sessions.SessionList[I];
      //U.LockSession;
      // Check mainModule availability. Some sessions may not have a MainModule instance
      if U.UniMainModule <> nil then begin
        // Do not close my OWN Session
        if (UniApplication.UniSession.SessionID <> U.SessionId)
        AND ((U.UniMainModule as TUniMainModule).sUserName = sesionUser)

        then begin
           TRY
              //U.LockSession;
              //U.ReleaseSession;
              U.Terminate (StringReplace (uniServerModule.urlMessage,'[###message###]'
                            ,'You have already loged in with this user: ' + sesionUser + '.'
                              + '</br>Session is closed.'
                            ,[])
                          );
           FINALLY
              //U.UnBusy;
           END;

        end;
         
      end;//If U
      Except
            //on E:Exception do ShowMessage ('Close session ERR:' + E.Message);
      End;
  end;//for I
Finally
  UniServerModule.SessionManager.Sessions.Unlock;
End;
end;

Link to comment
Share on other sites

On 9/25/2021 at 2:39 AM, Norm said:

Hi Roberto,

Recording user  logins in the database and deleting the record when they logout is standard practice. However in order for this strategy to work well you also need to monitor user activity and kill sessions (trigger a logoff event) that are idle for too long. This would include those who have left their browser idling too long as well as those whose PC has gone off-line for whatever reason.

There are several examples in this stream about how other developers monitor and shut down idle sessions.

Just out of interest, what do you do if someone tries to log in with an ID that is already logged in?

Hello. I simply block the login. Anyway the idea to close the session if the user has been inactive too long is good. I'll take a look to the threads provided by Sherzod. In particular this one:

 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...