Only allow a web user to be logged in on one computer at a time

Yes, I noticed that. Wonder what happened to it. I spent a couple of hours poking at it, and haven't yet gotten it figured out.

Quote from: sottwell at Jun 12, 2013, 11:22 AM

Yes, I noticed that. Wonder what happened to it. I spent a couple of hours poking at it, and haven't yet gotten it figured out.

Yeah, shame as that would of been perfect to use.

Wondering if the best solution would be to use a custom table to store the session id and user ID for logged in users.

The hard way would be a plugin or hook to the login snippet, storing IP address, which gets removed on logout. Then a pre-hook or plugin to check if that username and IP address is still active, preventing login (perhaps with a message) if it is.

Are you talking about front-end user, manager users?

Quote from: sottwell at Jun 12, 2013, 02:03 PM

Are you talking about front-end user, manager users?

This is for front end only. Also it wouldn't prevent the latest user from logging in. It would log the other user out.

For example

- User 1 signs in.
- User 2 then sign in, but using the same credentials as user 1
- User 1 is then signed out, perhaps with a message when they try and navigate to a protect page.

Does the IP add need to be stored, could a session ID be stored with what ever users ID this session is related to. Then on sign in the plugin/pre-hook check if the users id is in this table, if so get the session id related to it and then removes the row matching that ID from the modx_session table.

Hm. Revo uses the database to store session data. You would need to store the session_name as well as username, then delete the old one from the database if the same user logs in again.