|
Posted by forje on 09/25/06 10:50
Peter Fox a écrit :
>> To do that, I need to check a flag in the database for any action in the
>> current session (to see if a new connection is active and close brutally
>> the current session if needed. I would like to avoid this check in db.
>
> (1) You need to use something that all 'connections' can see and share.
> Sessions don't fill this bill.
Yes.
>
> (2) Since you will (won't you? - I would!) be recording access to the
> admin system, you'll be keeping database records anyway.
I will.
> (3) Unless a user explicitly logs out (or completes some final action)
> your system can't tell when a session has ended.
Yes.
> My answer would be to provide
> * a log-out function (It will be forgotten but use a bit of psychology
> to provide a useful information screen or 'here's your new look' as a
> result to encourage its use.)
> * a /warning/ that another admin session appears to be in progress
> (including who is the other user) ...
> * ...with a simple override.
> * possibly the logic for 'is there another admin session in progress'
> would look at recent activity in the audit trail and conclude that if
> nothing has happened in the last 15 minutes then the new user can be
> given control anyway.
I can't avoid to always check (in all scripts) if a new user is here and
stop if yes.
Thank you for the analysis.
--
Forje
Navigation:
[Reply to this message]
|