question about t3 session
4 views
Skip to first unread message
drayco
Feb 12, 2009, 1:52:06 PM2/12/09
to web2py Web Framework
is it possible that in t3 Version 0.4 (2009-01-07 09:01:19) and web2py
1.55.2 diferent person with the same user can logg in?
And, if it is possible, how can i fix that?
1.55.2 diferent person with the same user can logg in?
And, if it is possible, how can i fix that?
mdipierro
Feb 12, 2009, 2:29:00 PM2/12/09
to web2py Web Framework
I do not understand. Can you make an example?
drayco
Feb 12, 2009, 3:00:16 PM2/12/09
to web2py Web Framework
I have many users with diferrents kinds of rights and they gave their
passwords and user name to others people. The system allow to the
people enter to the application with the same user at the same time.
I now that because the people told me that they worked with the same
user, in the same time and in the same place but with diferrents
machines and in this moment i have a lot of problems with that.
And i don't want that this happend.
What can i do?
On Feb 12, 1:29 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> I do not understand. Can you make an example?
>
> On Feb 12, 12:52 pm, drayco <antrod...@gmail.com> wrote:
>
> > is it possible that int3Version 0.4 (2009-01-07 09:01:19) and web2py
passwords and user name to others people. The system allow to the
people enter to the application with the same user at the same time.
I now that because the people told me that they worked with the same
user, in the same time and in the same place but with diferrents
machines and in this moment i have a lot of problems with that.
And i don't want that this happend.
What can i do?
On Feb 12, 1:29 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> I do not understand. Can you make an example?
>
> On Feb 12, 12:52 pm, drayco <antrod...@gmail.com> wrote:
>
mdipierro
Feb 12, 2009, 3:33:25 PM2/12/09
to web2py Web Framework
Yes you can but this is not one line change. Assuming you have a
single server (not mutliple servers behind a NAT), the easy way is to
replace the register function in controllers/default.py with the
following code:
if t2.logged_in: cache.ram('client:%s' % t2.person_id, lambda:
request.client, 0) ### store client ip in cache
def register():
form=t2.register
(verification=settings.email_verification,sender=settings.email_sender)
if t2.logged_in:
client=cache.ram('client:%s' % t2.person_id, lambda:
request.client, 300) ### retrieve client ip
if client and client!=request.client: ### if no match, force
logout
t2.messages.logged_out="sorry, somebody else is currently
logged in as you"
t2.logout(next='login')
return dict(form=form)
single server (not mutliple servers behind a NAT), the easy way is to
replace the register function in controllers/default.py with the
following code:
if t2.logged_in: cache.ram('client:%s' % t2.person_id, lambda:
request.client, 0) ### store client ip in cache
def register():
form=t2.register
(verification=settings.email_verification,sender=settings.email_sender)
if t2.logged_in:
client=cache.ram('client:%s' % t2.person_id, lambda:
request.client, 300) ### retrieve client ip
if client and client!=request.client: ### if no match, force
logout
t2.messages.logged_out="sorry, somebody else is currently
logged in as you"
t2.logout(next='login')
return dict(form=form)
drayco
Feb 12, 2009, 4:37:00 PM2/12/09
to web2py Web Framework
Thanks in advanced. I will try to fix that this afternoon.
drayco
Feb 12, 2009, 9:15:15 PM2/12/09
to web2py Web Framework
I tested it and the problem is the same.
Do you have other suggestion?
Do you have other suggestion?
mdipierro
Feb 13, 2009, 12:05:54 AM2/13/09
to web2py Web Framework
Did you test logging from two different machines? Different IP
addresses?
Massimo
addresses?
Massimo
drayco
Feb 13, 2009, 2:26:40 AM2/13/09
to web2py Web Framework
Yes, I tested with two diferrent and two diferrent IP addresses.
I use share hosting with apache and wsgi in webfaction.
I use share hosting with apache and wsgi in webfaction.
mdipierro
Feb 13, 2009, 8:58:27 AM2/13/09
to web2py Web Framework
My Bad. Please try this. replace the login() function
def login(): return dict(form=t2.login())
with
if t2.logged_in:
cache.ram('client:%s' % t2.person_id, lambda:request.client, 0)
### store client ip in cache
def login():
if request.vars.email:
client=cache.ram('client:%s' % request.vars.email,
lambda:request.client, 300) ### retrieve client email
in as you"
redirect(URL(r=request))
return dict(form=t2.login())
def login(): return dict(form=t2.login())
with
if t2.logged_in:
cache.ram('client:%s' % t2.person_id, lambda:request.client, 0)
### store client ip in cache
if request.vars.email:
client=cache.ram('client:%s' % request.vars.email,
lambda:request.client, 300) ### retrieve client email
if client and client!=request.client: ### if no match, force
logout
session.flash="sorry, somebody else is currently logged
logout
in as you"
redirect(URL(r=request))
return dict(form=t2.login())
drayco
Feb 13, 2009, 12:27:58 PM2/13/09
to web2py Web Framework
Sorry, I tested it again and the problem is the same.
Please, Do you have other suggestion?
Please, Do you have other suggestion?
mdipierro
Feb 13, 2009, 12:47:23 PM2/13/09
to web2py Web Framework
I guess I need to try this myself before sending it. Sorry I have not
done so. I will test it, debug it and get back to you.
massimo
done so. I will test it, debug it and get back to you.
massimo
mdipierro
Feb 13, 2009, 1:34:40 PM2/13/09
to web2py Web Framework
Please one more try.... replace:
def login(): return dict(form=t2.login())
with
if t2.logged_in:
cache.ram('client:%s' % t2.person_email, lambda:request.client,
-1)
def login():
if request.vars.email:
client=cache.ram('client:%s' %
request.vars.email,lambda:request.client, 300) ### retrieve client
def login(): return dict(form=t2.login())
with
if t2.logged_in:
-1)
def login():
if request.vars.email:
client=cache.ram('client:%s' %
email
if client and client!=request.client: ### if no match,
forcelogout
session.flash="sorry, somebody else is currently logged
in as you"
redirect(URL(r=request))
return dict(form=t2.login())
if client and client!=request.client: ### if no match,
forcelogout
session.flash="sorry, somebody else is currently logged
in as you"
redirect(URL(r=request))
return dict(form=t2.login())
drayco
Feb 13, 2009, 7:44:58 PM2/13/09
to web2py Web Framework
Hi mdipierro, Thank's for your help.
However, the problem is the same.
Please, do you have other idea?
However, the problem is the same.
Please, do you have other idea?
mdipierro
Feb 15, 2009, 9:46:00 AM2/15/09
to web2py Web Framework
That should have worked. Can you tell me more about your setup? Are
you using a proxy? wsgi? apache?
can you print request.client when the two users login from different
IP using the same password within 5 minutes?
Massimo
you using a proxy? wsgi? apache?
can you print request.client when the two users login from different
IP using the same password within 5 minutes?
Massimo
drayco
Feb 15, 2009, 11:59:50 AM2/15/09
to web2py Web Framework
I use a share hosting with wgsi and apache2 in webfaction.
Ok, I will try to do the test.
Thank's for your help.
Ok, I will try to do the test.
Thank's for your help.
drayco
Feb 16, 2009, 8:05:05 PM2/16/09
to web2py Web Framework
Hi massimo, i did other test in the school with 2 machines with 2
diferent ip.
At first, I felt happy to see that it worked.
However, I wait 5 minutes in which I didn't had any activity with my
session.
And i can have access with diferent machine and ip.
I think, I need configure something, can you help me?
diferent ip.
At first, I felt happy to see that it worked.
However, I wait 5 minutes in which I didn't had any activity with my
session.
And i can have access with diferent machine and ip.
I think, I need configure something, can you help me?
mdipierro
Feb 16, 2009, 10:48:08 PM2/16/09
to web2py Web Framework
The problem is how to determine that one person is done. My rule was 5
minues (300 seconds) of inactivity.
You can change the 300 in the cache.ram(...,300).
minues (300 seconds) of inactivity.
You can change the 300 in the cache.ram(...,300).
drayco
Feb 17, 2009, 1:44:04 AM2/17/09
to web2py Web Framework
ups, thank's a lot massimo.
Your help and patient are really incredible.
I am going to try to read and understand more before I will ask you.
Your help and patient are really incredible.
I am going to try to read and understand more before I will ask you.
mdipierro
Feb 17, 2009, 8:46:55 AM2/17/09
to web2py Web Framework
No problem. You are welcome
Reply all
Reply to author
Forward
0 new messages