Accessing another users session variables

[cturland]

Hi all,

When someone logs on to the server I store their user name in a session variable and I need to make sure that the same user does not log on twice from another computer. I realise that I could put a flag to check in the database but I would rather not do this incase the users computer crashes and the flag remains.

Does anyone know how I can access all the session variables that are currently present on the server?

Any ideas will be gratefully received!!

Thanks,
Carl

 

[GunJack]

I never seen a way to get a list of all the session variables and I don't think it's possible. If you want to ensure a login is in use by only one computer, you will need to create some central storage location to hold accounts currently in use. You will want to store the username, cfid, cftoken, and last request. Each time someone requests a page, update the last request to the current time. You can then schedule a script to run and delete any entries that are older than your session timeout. Every time someone logs in or requests a page, check to see if the username is in use and make sure the cfid & cftoken match the visitor's cfid & cftoken. That should ensure that noone uses the account from different computers (there are still ways around this in the extreme case). If you want it to work without cookies, you will need to pass cfid & cftokens via url variables on all links and forms.

Hope this helps,
GJ

 

[CFProgrammer]

Quite Simple.

<query here>

Login OK, Set Variable User/pass verified

<Cfif isdefined(&quot;session.logged&quot>
COde Here
<cflocation> or <Cfabort>
<Cfelse>

<cfset session.user = query.user>
<cfset session.userlogged = 1>
</cfif>