Roberto Nicchi Posted September 24, 2021 Share Posted September 24, 2021 Hello, in my application each user login using an ID. i want to have only one session with a specific ID. In the app's database i have created a LOGIN table where a record is added when an user log into the application. When the user session is closed the record is of course removed. The problem is that if the user switch off the PC and keep the browser open it takes time to have the user id available again for application login. Is necessary to wait the session tinmeout (10 minutes). My solution is to reduce the session timeout to a short time (10 seconds instead of 10 minutes). Then in the main form of the app i have placed a timer that do something every few seconds. In this way there's not a timeout if the application is left untouched for a while. I'm wondering if this is the right way to go or for some reason i could have problems with solution ? thanks Roberto Link to comment Share on other sites More sharing options...
Sherzod Posted September 24, 2021 Share Posted September 24, 2021 1 hour ago, Roberto Nicchi said: 10 seconds instead of 10 minutes ... Link to comment Share on other sites More sharing options...
Norm Posted September 25, 2021 Share Posted September 25, 2021 Hi Roberto, Recording user logins in the database and deleting the record when they logout is standard practice. However in order for this strategy to work well you also need to monitor user activity and kill sessions (trigger a logoff event) that are idle for too long. This would include those who have left their browser idling too long as well as those whose PC has gone off-line for whatever reason. There are several examples in this stream about how other developers monitor and shut down idle sessions. Just out of interest, what do you do if someone tries to log in with an ID that is already logged in? Link to comment Share on other sites More sharing options...
irigsoft Posted September 25, 2021 Share Posted September 25, 2021 On 9/25/2021 at 3:39 AM, Norm said: Just out of interest, what do you do if someone tries to log in with an ID that is already logged in? Hello, this is my way: When user loged in (Button Click on LoginForm), and all authorization is OK, then clossing all other sessions with selected user ID (Name) uniMainModule public sUserName : String; //my custom procedure procedure CloseOtherSesionsWithUser (sesionUser : AnsiString); var I : Integer; U : TUniGUISession; begin Try UniServerModule.SessionManager.Sessions.Lock; for I :=UniServerModule.SessionManager.Sessions.SessionList.Count - 1 downto 0 do begin TRy U := UniServerModule.SessionManager.Sessions.SessionList[I]; //U.LockSession; // Check mainModule availability. Some sessions may not have a MainModule instance if U.UniMainModule <> nil then begin // Do not close my OWN Session if (UniApplication.UniSession.SessionID <> U.SessionId) AND ((U.UniMainModule as TUniMainModule).sUserName = sesionUser) then begin TRY //U.LockSession; //U.ReleaseSession; U.Terminate (StringReplace (uniServerModule.urlMessage,'[###message###]' ,'You have already loged in with this user: ' + sesionUser + '.' + '</br>Session is closed.' ,[]) ); FINALLY //U.UnBusy; END; end; end;//If U Except //on E:Exception do ShowMessage ('Close session ERR:' + E.Message); End; end;//for I Finally UniServerModule.SessionManager.Sessions.Unlock; End; end; Link to comment Share on other sites More sharing options...
Norm Posted September 25, 2021 Share Posted September 25, 2021 Thanks for sharing. Link to comment Share on other sites More sharing options...
Roberto Nicchi Posted September 26, 2021 Author Share Posted September 26, 2021 On 9/25/2021 at 2:39 AM, Norm said: Hi Roberto, Recording user logins in the database and deleting the record when they logout is standard practice. However in order for this strategy to work well you also need to monitor user activity and kill sessions (trigger a logoff event) that are idle for too long. This would include those who have left their browser idling too long as well as those whose PC has gone off-line for whatever reason. There are several examples in this stream about how other developers monitor and shut down idle sessions. Just out of interest, what do you do if someone tries to log in with an ID that is already logged in? Hello. I simply block the login. Anyway the idea to close the session if the user has been inactive too long is good. I'll take a look to the threads provided by Sherzod. In particular this one: Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now