8

I'm using Authlogic to manage the sessions in my application.
However, by default, Authlogic allows a user to be logged in many times from different computers.
I don't want that (the user pays to get access and I want to avoid users sharing their accounts).

Looking in the Authlogic documentation, I've found out about the perishable_token. But when trying to implement it, I just get an error saying the persistence_token is required (when it shouldn't be as I use the perishable one).

How would you do this using Authlogic's features?

Thanks :)

Damien MATHIEU

1 Answer

20

Ok so the perishable token was absolutely not the right path ;)

We "just" need to reset the persistence token every time a user logs in or logs out. With this in my UserSession model, every user gets logged off from any other session when logging in.

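class UserSession < Authlogic::Session::Base
  # Rotate the user's persistence token on logout (session destroyed)
  # and on login (session created), so cookies issued to any other
  # browser no longer match the stored token.
  before_destroy :reset_persistence_token
  before_create  :reset_persistence_token

  def reset_persistence_token
    record.reset_persistence_token
  end
end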
Damien MATHIEU
  • Nice work! I've been looking for this for a long time now. Ahm, how can you message or alert the user that he has been logged in to another computer? – jovhenni19 Oct 10 '11 at 03:38
  • Take care, though: this means that when you log out, if a user is connected from another device or machine, he will be forcibly logged out. Not the best UX. – JAR.JAR.beans Mar 02 '15 at 11:34
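
The effect of the two callbacks in the answer above, as an added example that is not part of the original post and does not use Authlogic: a plain-Ruby model of token rotation showing why an older cookie stops validating. `User`, `login`, `logout`, `session_state` and the cookie hashes are hypothetical stand-ins.

```ruby
require "securerandom"

# Hypothetical stand-ins for the user record and the browser cookie;
# a model of the idea only, not Authlogic's API.
class User
  attr_reader :persistence_token

  def initialize
    reset_persistence_token
  end

  # Rotating the token invalidates every cookie holding the old value.
  def reset_persistence_token
    @persistence_token = SecureRandom.hex(32)
  end
end

# Constant-time comparison so the check does not leak token bytes via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login rotates first (the before_create callback), then sets this cookie.
def login(user, cookie)
  user.reset_persistence_token
  cookie[:token] = user.persistence_token
end

# Logout optionally rotates (the before_destroy callback) and clears the cookie.
def logout(user, cookie, rotate: true)
  user.reset_persistence_token if rotate
  cookie.delete(:token)
end

# Per-request check: :anonymous (no cookie), :ok, or :superseded (stale token,
# meaning the account has been signed in or out elsewhere since).
def session_state(user, cookie)
  token = cookie[:token]
  return :anonymous if token.nil?
  secure_equal?(token, user.persistence_token) ? :ok : :superseded
end

# Constructed scenario: two browsers sign in to the same account in turn.
def demo
  user, laptop, phone = User.new, {}, {}
  login(user, laptop)
  login(user, phone)
  { laptop: session_state(user, laptop), phone: session_state(user, phone) }
end
```

In this model the `:superseded` state is the point where an application could show a "signed in elsewhere" notice, and calling `logout` with `rotate: false` leaves any other copy of the cookie valid until the next login.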