New Community Forums are coming. Watch this space for news.
Subscribe: RSS
  • Quote from: BobRay at Jan 31, 2019, 06:20 AM
    Hi Yulianita. Very nice solution.

    For completeness, could you provide the code from resource 21?

    What happens if the user forgets to log out and just closes the browser? I don't think MODX would automatically call the login snippet with service='logout'. I could be wrong.

    If that proves to be a problem, you could possibly check the last login time and give them a pass if it's been x hours since they last logged in.

    Yes that is important, in the resource 21 I have this:

    [[+userblocked]] You are already signed on using another browser or device . </br>
    <a href="[[~21]]&flag=true&userblock=[[+userblocked]]">Logout from all devices</a>

    And this is disconnectSession snippet
    if (isset($_GET['userblocked'])){ 
        $user = $_GET['userblocked'];
        $output = $modx->setPlaceholder('userblocked', $user);
    else  // if user clicked on the link 
        $user = $_GET['userblock'];
        $modx->user = $modx->getObject('modUser', array(
        'username' => $user,
        $modx->log(modX::LOG_LEVEL_ERROR, 'Form Data = ' . $user);
        $profile = $modx->user->getOne('Profile');
        $extended = $profile->get('extended');
        $extended['logged'] = 0;  
        $profile->set('extended', $extended);
        $url = $modx->makeURL('2', 'web', '', 'full'); //redirect to login page
    return $output;

    UPDATE: Oh! yes you completely right, the first session will be still open. Suddenly there is some way to flush a certain user's session automatically?? [ed. note: yuliyepes last edited this post 2 weeks, 5 days ago.]
    • Thanks!

      I'm not sure if people whose sessions don't close are really a problem. When they return, they may just get sent to the MODX Manager dashboard without having to log in. If your plugin interferes with that, you might be able to test for $modx->user->hasSessionContext('whatever_context') before rejecting them.
        Get my Book: MODX:The Official Guide
        MODX info for everyone:
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • Let me see if I have got this:

        If they use the same browser/device, then its still the same device/session and its not a problem if the session isn't destroyed. If they use another browser/device...then it won't have the cookie...and Modx won't let them into that previous session.


        @yuliyepes you could use a prehook to destroy any previous session for the user...I assume prehook will be after username/password are both confirmed

        But if you are destroying the session that seems to be effectively the same as refusing the second session.

        Right now you are expecting the current session to be maintained, and you are trying to stop the second session from being created.

        If you destroy the current session and then allow the second session, that's in some sense the same, the user can't have two.

        In one case, if I give my pass to my friend, they can't login while my session exists. In the other, they can login, but when they do it they kick me out of my existing session.

        The second way is probably more irritating for the cheating user ha

        [ed. note: nuan88 last edited this post 2 weeks, 2 days ago.]
        • FYI, this will log the user out when they click on your logout link. I think it will then present the login form, but I'm not sure.

          $url = $modx->makeUrl(2, 'web', 'service=logout', "full");

            Get my Book: MODX:The Official Guide
            MODX info for everyone:
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting