A) Store a timestamp (i.e. last_request_at) in the session and
compare it at the beginning of each request. If it doesn't match then
remove the session.
B) Restrict by IP address, somehow.
The problems I can see with these two methods are (A) what if the
timestamp is slightly wrong? It also puts extra load on the system
(I'm not sure that's enough to worry about). (B) doesn't work if you
have multiple people at one location behind a NAT.
Do you have any other ideas? What would you do?
Thanx!
Richard
--
You received this message because you are subscribed to the Google Groups "Authlogic" group.
To post to this group, send email to auth...@googlegroups.com.
To unsubscribe from this group, send email to authlogic+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/authlogic?hl=en.