question about t3 session


drayco

Feb 12, 2009, 1:52:06 PM
to web2py Web Framework
Is it possible that in t3 Version 0.4 (2009-01-07 09:01:19) and web2py
1.55.2 different people with the same user can log in?

And, if it is possible, how can I fix that?

mdipierro

Feb 12, 2009, 2:29:00 PM
to web2py Web Framework
I do not understand. Can you make an example?

drayco

Feb 12, 2009, 3:00:16 PM
to web2py Web Framework
I have many users with different kinds of rights, and they gave their
passwords and user names to other people. The system allows people to
enter the application with the same user at the same time.

I know that because the people told me that they worked with the same
user, at the same time and in the same place but with different
machines, and at this moment I have a lot of problems with that.

And I don't want this to happen.

What can I do?

On Feb 12, 1:29 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> I do not understand. Can you make an example?
>
> On Feb 12, 12:52 pm, drayco <antrod...@gmail.com> wrote:
>
> > is it possible that in t3 Version 0.4 (2009-01-07 09:01:19) and web2py

mdipierro

Feb 12, 2009, 3:33:25 PM
to web2py Web Framework
Yes you can, but this is not a one-line change. Assuming you have a
single server (not multiple servers behind a NAT), the easy way is to
replace the register function in controllers/default.py with the
following code:

    if t2.logged_in: cache.ram('client:%s' % t2.person_id, lambda: request.client, 0) ### store client ip in cache

    def register():
        form=t2.register(verification=settings.email_verification,sender=settings.email_sender)
        if t2.logged_in:
            client=cache.ram('client:%s' % t2.person_id, lambda: request.client, 300) ### retrieve client ip
            if client and client!=request.client: ### if no match, force logout
                t2.messages.logged_out="sorry, somebody else is currently logged in as you"
                t2.logout(next='login')
        return dict(form=form)

drayco

Feb 12, 2009, 4:37:00 PM
to web2py Web Framework
Thanks in advance. I will try to fix that this afternoon.

drayco

Feb 12, 2009, 9:15:15 PM
to web2py Web Framework
I tested it and the problem is the same.

Do you have another suggestion?

mdipierro

Feb 13, 2009, 12:05:54 AM
to web2py Web Framework
Did you test logging from two different machines? Different IP
addresses?

Massimo

drayco

Feb 13, 2009, 2:26:40 AM
to web2py Web Framework
Yes, I tested with two different and two different IP addresses.

I use shared hosting with apache and wsgi in webfaction.

mdipierro

Feb 13, 2009, 8:58:27 AM
to web2py Web Framework
My bad. Please try this. Replace the login() function

    def login(): return dict(form=t2.login())

with

    if t2.logged_in:
        cache.ram('client:%s' % t2.person_id, lambda:request.client, 0) ### store client ip in cache

    def login():
        if request.vars.email:
            client=cache.ram('client:%s' % request.vars.email, lambda:request.client, 300) ### retrieve cached client ip
            if client and client!=request.client: ### if no match, force logout
                session.flash="sorry, somebody else is currently logged in as you"
                redirect(URL(r=request))
        return dict(form=t2.login())

drayco

Feb 13, 2009, 12:27:58 PM
to web2py Web Framework
Sorry, I tested it again and the problem is the same.

Please, do you have another suggestion?

mdipierro

Feb 13, 2009, 12:47:23 PM
to web2py Web Framework
I guess I need to try this myself before sending it. Sorry I have not
done so. I will test it, debug it and get back to you.

massimo

mdipierro

Feb 13, 2009, 1:34:40 PM
to web2py Web Framework
Please one more try.... replace:

    def login(): return dict(form=t2.login())

with

    if t2.logged_in:
        cache.ram('client:%s' % t2.person_email, lambda:request.client, -1)

    def login():
        if request.vars.email:
            client=cache.ram('client:%s' % request.vars.email,lambda:request.client, 300) ### retrieve cached client ip
            if client and client!=request.client: ### if no match, force logout
                session.flash="sorry, somebody else is currently logged in as you"
                redirect(URL(r=request))
        return dict(form=t2.login())

drayco

Feb 13, 2009, 7:44:58 PM
to web2py Web Framework
Hi mdipierro, thanks for your help.

However, the problem is the same.

Please, do you have another idea?

mdipierro

Feb 15, 2009, 9:46:00 AM
to web2py Web Framework
That should have worked. Can you tell me more about your setup? Are
you using a proxy? wsgi? apache?

Can you print request.client when the two users log in from different
IPs using the same password within 5 minutes?

Massimo

drayco

Feb 15, 2009, 11:59:50 AM
to web2py Web Framework
I use shared hosting with wsgi and apache2 in webfaction.

Ok, I will try to do the test.

Thanks for your help.

drayco

Feb 16, 2009, 8:05:05 PM
to web2py Web Framework
Hi Massimo, I did another test at the school with 2 machines with 2
different IPs.
At first, I felt happy to see that it worked.

However, I waited 5 minutes in which I didn't have any activity with my
session.
And I could get access with a different machine and IP.

I think I need to configure something. Can you help me?

mdipierro

Feb 16, 2009, 10:48:08 PM
to web2py Web Framework
The problem is how to determine that one person is done. My rule was 5
minutes (300 seconds) of inactivity.

You can change the 300 in the cache.ram(...,300).
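
A self-contained sketch of the rule described in the post above (one client IP per account, released after 300 seconds of inactivity), added here as an example; it is not code from the thread, web2py or T2. The class SingleSessionGuard, its method names, the injected clock and the sample addresses are assumptions made for illustration.

```python
import time

class SingleSessionGuard:
    """One live client IP per account; the claim lapses after idle_timeout seconds."""
    def __init__(self, idle_timeout=300, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._claims = {}  # email -> (client_ip, last_seen)

    def _owner(self, email):
        """Return the IP holding a live claim on this account, or None."""
        claim = self._claims.get(email)
        if claim is None:
            return None
        ip, last_seen = claim
        if self.clock() - last_seen >= self.idle_timeout:
            del self._claims[email]  # idle too long: claim released
            return None
        return ip

    def allow_login(self, email, client_ip):
        """Check before authenticating: False if another IP holds a live claim."""
        return self._owner(email) in (None, client_ip)

    def touch(self, email, client_ip):
        """Call on each authenticated request to refresh the claim."""
        if not self.allow_login(email, client_ip):
            return False
        self._claims[email] = (client_ip, self.clock())
        return True

    def logout(self, email, client_ip):
        """Release the claim immediately instead of waiting for the timeout."""
        if self._owner(email) == client_ip:
            del self._claims[email]


def demo():
    """Constructed scenario: two machines (documentation IPs) share one account."""
    now = [0.0]
    guard = SingleSessionGuard(idle_timeout=300, clock=lambda: now[0])
    a, b, user = "192.0.2.10", "198.51.100.7", "user@example.com"
    guard.touch(user, a)                      # machine A is logged in at t=0
    results = [guard.allow_login(user, b)]    # B refused while A is active
    now[0] = 299
    results.append(guard.allow_login(user, b))  # A idle 299 s: B still refused
    now[0] = 300
    results.append(guard.allow_login(user, b))  # A idle 300 s: B gets in
    return results
```

The claim is keyed on client IP, so two machines behind the same NAT address are indistinguishable, and the in-memory dictionary is only authoritative when a single process serves the application.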

drayco

Feb 17, 2009, 1:44:04 AM
to web2py Web Framework
Oops, thanks a lot Massimo.

Your help and patience are really incredible.

I am going to try to read and understand more before I ask you.

mdipierro

Feb 17, 2009, 8:46:55 AM
to web2py Web Framework
No problem. You are welcome.