What is missing in PHPRunner is: would only allow a user account to be logged-in to my application eleven (Prevent multiple logins by sharing usernames and passwords). But this functionality must be implemented directly in the application
For a while now (2010) there is a post that talks on this issue, which can be analyzed and exploited suggestions by developers for the implementation of this functionality in the interface development PHPRunner.
http://www.asprunner.com/forums/topic/15046-allow-only-one-login-per-account-prevent-user-sharing/
Why that would be important implementation ?.
- Protect users who are logged correctly.
- If you still could do more granular in the sense that this functionality was available for each user who creates excellent serious (in the window of assigning permissions to groups), as it would have a block of users with this restriction of a user - a session, and another block with multiple Sessions.
- Under this logic functionality; if you could add capacity in a global option to indicate the number of users that can be created and other supplementary or exclusive option where the number of concurrent sessions that can run, it would be super excellent indicated. This feature would allow developing software and then license it by the number of users and / or the number of concurrent sessions that can be active.
P.D.
One consideration to keep in mind is if from the same IP can arbrir many sessions on a single user.
As final, since the issue is being seen by users, it would be excellent to have a kind of a widget that can be activated for certain groups of users and which users are currently online shows. Later if you could add the capacity of an online chat between users would be good.
One suggestion of implementation:
"[...]" The way I prevent users from sharing account information is by prevent multiple logins from one location. So if the user logs in, it will log out all other sessions.
This is relatively easy to do. Associate to each user in the database a field like session_key that is randomly generated on login. Store that session_key in the database AND in a cookie in the users browser, and check that the session keys match. If not, log the user out. Whenever someone else logs in, it generates a new session key, thus inactivating all previous sessions and logs out the user. You can also try keeping track of other information as well, such as the users IP address, etc associated with the session. It's not 100% foolproof, but it prevents most users from sharing accounts."[...]"
This would respond to this post:
http://www.asprunner.com/forums/topic/10784-preventing-users-sharing-a-user-login/
Awaiting your prompt implementation and comment.
Sincerely,
Pasquito.
pasquito author