List: General Discussion
From: Sasha Pachev Date: July 29 1999 5:21pm
Subject:Re: On GET_LOCK ()
The task of preventing multiple logins to a web application without
creating an inconvenience for the users is rather tedious, if not
impossible - this is probably the reason you do not see it done very
much. Whatever you do to implement it, the following must be present:

 - the user authenticates
 - the application remembers that he has authenticated
 - while the application thinks he is logged in, another login with the
same name will be denied
 - at some point the user logs out and the application does not think he
is logged in any more

To illustrate the kind of problems you have to deal with, let's consider
the following not very uncommon situation:

 - the user logs in
 - his browser dies 
 - he restarts the browser and wants to log in again

The application will have to think (at least for a while) that the user
is logged in and will not let him log in again. In the meantime, he
cannot log himself out, because the browser lost the session key during
the crash. The user will have to wait until the lock times out.

It must be noted that timing out the lock must come with logging the
user out - otherwise, multiple logins will be possible. So here we find
ourselves between the rock and the hard place - short timeouts will
annoy users quite a bit - things like having to answer the phone
during the session will make it necessary to re-login. Long timeouts
will lock out the user for the length of the timeout in case of the
browser crash. And web users are quite picky and impatient - they are
used to services that are free, so if they are paying money, and find
your service inconvenient to use, they will not be using it any more.

The bottom line is that you should probably think of some other usage
policy - maybe if you show banner ads when the user logs in you can
recover the losses from having the users share their account info.

-- 
Sasha Pachev
http://www.sashanet.com/ (home)
http://www.direct1.com/ (work)
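
The four requirements and the crash scenario from the message above, as an added example that is not part of the original post. The class, function and user names are hypothetical, and the in-memory dictionary stands in for whatever store the application would use.

```python
import secrets

class SingleLoginGate:
    """At most one live session per user; the lock expires after idle_timeout."""

    def __init__(self, idle_timeout, clock):
        self.idle_timeout = idle_timeout
        self.clock = clock          # injected time source (seconds), so runs are deterministic
        self.sessions = {}          # user -> (session_key, last_seen)

    def _expire(self, user):
        entry = self.sessions.get(user)
        if entry and self.clock() - entry[1] >= self.idle_timeout:
            del self.sessions[user]  # timing out the lock also logs the user out

    def login(self, user):
        self._expire(user)
        if user in self.sessions:
            return None             # a second login with the same name is denied
        key = secrets.token_hex(16)
        self.sessions[user] = (key, self.clock())
        return key

    def request(self, user, key):
        """Authenticated request: valid only with the current key; refreshes the lock."""
        self._expire(user)
        entry = self.sessions.get(user)
        if entry is None or not secrets.compare_digest(entry[0], key):
            return False
        self.sessions[user] = (key, self.clock())
        return True

    def logout(self, user, key):
        return self.request(user, key) and self.sessions.pop(user, None) is not None

def crash_lockout_seconds(idle_timeout, retry_every=60):
    """Log in, lose the session key (browser crash), retry until readmitted."""
    now = [0]
    gate = SingleLoginGate(idle_timeout, lambda: now[0])
    gate.login("alice")             # key discarded: the crashed browser lost it
    waited = 0
    while gate.login("alice") is None:
        now[0] += retry_every
        waited += retry_every
    return waited
```

With a 300-second timeout a user who steps away for ten minutes has to log in again, while with an 1800-second timeout a crashed browser keeps the account locked for the full half hour.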