<![CDATA[ How to limit one session at a time for a single account? - MODX Community Forums]]> https://forums.modx.com/thread/?thread=100027 <![CDATA[How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-540882 I have a simple question/request.

Currently MODX allows many login sessions for the same user account.
(logging in from different browsers/devices on the same account doesn't end the previous session)

Is there any way to limit the session to only one active at a time (per user), and how?

I'm using the Login extra for MODX, the logging would only be for (protected) front-end context (default web).
Perhaps some kind of hook for the login, snippet or plugin would do it, but I don't have much experience with it.

I apologize for not having much knowledge on the matter.
Thank you for your time, I'm new to MODX but its a really great tool.]]>
solarthrone Apr 26, 2016, 09:51 AM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-540882
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563995
$url = $modx->makeUrl(2, 'web', 'service=logout', "full");

]]>
BobRay Feb 07, 2019, 03:16 AM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563995
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563994
If they use the same browser/device, then its still the same device/session and its not a problem if the session isn't destroyed. If they use another browser/device...then it won't have the cookie...and Modx won't let them into that previous session.

Right?

@yuliyepes you could use a prehook to destroy any previous session for the user...I assume prehook will be after username/password are both confirmed

But if you are destroying the session that seems to be effectively the same as refusing the second session.

Right now you are expecting the current session to be maintained, and you are trying to stop the second session from being created.

If you destroy the current session and then allow the second session, that's in some sense the same, the user can't have two.

In one case, if I give my pass to my friend, they can't login while my session exists. In the other, they can login, but when they do it they kick me out of my existing session.

The second way is probably more irritating for the cheating user ha

]]>
nuan88 Feb 06, 2019, 09:16 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563994
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563969
I'm not sure if people whose sessions don't close are really a problem. When they return, they may just get sent to the MODX Manager dashboard without having to log in. If your plugin interferes with that, you might be able to test for $modx->user->hasSessionContext('whatever_context') before rejecting them.
]]>
BobRay Feb 05, 2019, 05:24 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=4#dis-post-563969
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563908 Quote from: BobRay at Jan 31, 2019, 06:20 AM
Hi Yulianita. Very nice solution.

For completeness, could you provide the code from resource 21?

What happens if the user forgets to log out and just closes the browser? I don't think MODX would automatically call the login snippet with service='logout'. I could be wrong.

If that proves to be a problem, you could possibly check the last login time and give them a pass if it's been x hours since they last logged in.


Yes that is important, in the resource 21 I have this:

[[!disconnectSession]]
[[+userblocked]] You are already signed on using another browser or device . </br>
<a href="[[~21]]&flag=true&userblock=[[+userblocked]]">Logout from all devices</a>


And this is disconnectSession snippet
<?php
if (isset($_GET['userblocked'])){ 
    $user = $_GET['userblocked'];
    $output = $modx->setPlaceholder('userblocked', $user);
}
else  // if user clicked on the link 
    {
    $user = $_GET['userblock'];
    $modx->user = $modx->getObject('modUser', array(
    'username' => $user,
    ));
    $modx->log(modX::LOG_LEVEL_ERROR, 'Form Data = ' . $user);
    $profile = $modx->user->getOne('Profile');
    $extended = $profile->get('extended');
    $extended['logged'] = 0;  
    $profile->set('extended', $extended);
    $profile->save();
    
    $url = $modx->makeURL('2', 'web', '', 'full'); //redirect to login page
    $modx->sendRedirect($url);
}

return $output;



UPDATE: Oh! yes you completely right, the first session will be still open. Suddenly there is some way to flush a certain user's session automatically??]]>
yuliyepes Feb 02, 2019, 09:54 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563908
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563850
For completeness, could you provide the code from resource 21?

What happens if the user forgets to log out and just closes the browser? I don't think MODX would automatically call the login snippet with service='logout'. I could be wrong.

If that proves to be a problem, you could possibly check the last login time and give them a pass if it's been x hours since they last logged in.

]]>
BobRay Jan 31, 2019, 06:20 AM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563850
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563831 nuan88 Jan 29, 2019, 09:16 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563831 <![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563826 Quote from: BobRay at Jan 21, 2019, 04:58 AM
@yulianita, You may be correct that my solution using hasSessionContext() wouldn't work. Your preHook looks to me like it should work, since it will only return true if the user is not already logged in. It should be easy to find out if it works. Let us know if it does and maybe I'll do a a blog post on it.

Hi BobRay and nuan88, The code that I share is working and I have not had any problem yet "I hope not have it", I didn't use sessions.]]>
yuliyepes Jan 29, 2019, 07:10 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563826
<![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563693 BobRay Jan 21, 2019, 04:58 AM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563693 <![CDATA[Re: How to limit one session at a time for a single account?]]> https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563688
https://gist.github.com/splittingred/1234763

It queries the Modx db for sessions, and it seems to me it could be easily converted to take the query it is already doing, and then checking for the username.

It could save you some time depending on where you are at. Just a random find in github lol]]>
nuan88 Jan 20, 2019, 11:39 PM https://forums.modx.com/thread/100027/how-to-limit-one-session-at-a-time-for-a-single-account?page=3#dis-post-563688