Posted by Peter Fox on 09/25/06 07:57

>To do that, I need to check a flag in the database for any action in the
>current session (to see if a new connection is active and close brutally
>the current session if needed. I would like to avoid this check in db.

(1) You need to use something that all 'connections' can see and share.
Sessions don't fill this bill.

(2) Since you will (won't you? - I would!) be recording access to the
admin system, you'll be keeping database records anyway.

(3) Unless a user explicitly logs out (or completes some final action)
your system can't tell when a session has ended.

My answer would be to provide
* a log-out function (It will be forgotten but use a bit of psychology
to provide a useful information screen or 'here's your new look' as a
result to encourage its use.)
* a /warning/ that another admin session appears to be in progress
(including who is the other user) ...
* ...with a simple override.
* possibly the logic for 'is there another admin session in progress'
would look at recent activity in the audit trail and conclude that if
nothing has happened in the last 15 minutes then the new user can be
given control anyway.






--
PETER FOX Not the same since the e-commerce business came to a .
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>

[Back to original message]