Re: [Dolibarr-dev] Only one connection per login ? / Une seule connexion

dolibarr-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dolibarr-dev] Only one connection per login ? / Une seule connexion

From:	Laurent Destailleur (eldy)
Subject:	Re: [Dolibarr-dev] Only one connection per login ? / Une seule connexion par login
Date:	Sat, 01 Dec 2012 12:22:44 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

There is an option into home - system tools - user session to lock any
login and allow only one login, but this means only 1 users, whatever is
the login.
There is no feature to limit according to place. Such a feature is very
dangerous, this is the reason:
1) If you use the ip to detect the place, when user (or server) use a
proxy (or reverse proxy), the ip viewed by dolibarr may change making
dolibarr usage broken.
2) If you use a cookie, information is store on local computer so ne way
to server to know there is already a session.
3) If you use a timeout+login, this will works except when user close by
error its browser. No way to connect again until timeout is finished.
So the only solution is to share information of already logged users
into a centralized area like a common file or a memory shared area. But
what happen if user is disconnected for example when browser is closed
by error. He can't connect again. So workaround is to share both the
login already loggued with its ip to filter only if couple is same, but
you will be faced to problem number 1 again. If you use a timeout to
avoid using ip, you will be faced problem 3.

By default HTTP protocol is a stateless protocol, so it is not easy to
use this protocol to add a feature that need a global statefull
protocol. And PHP does provide statefull solution (the session) but only
per browser, not global statefull solution. To have something efficient,
without all problems, you will probably have to use an id specific to
browser and use :
- centralized storing (time, id specific to computer that is not ip, login)
- cookie
- javascript to define the computer id that is sent during login (but
which one ?)


Le 30/11/2012 21:23, Florian Henry a écrit :
> Hello Dolibarr developpers,
>
>     After a short check into dolibarr code, I didn't found the answer
> so I ask to the community.
>
>     I wonder if it possible to restrict dolibarr to one connection per
> login, with some hidden global variables ?
>     I explain, I want to be sure that only one login like admin, can
> be logged in at a time. I don't want the same login been use by
> different users from different computers at the same time.
>
> -------------------------------------------------
>
> Bonjour a tous,
>
>     Aprés une courte vérification, sans sucées, je me demandais si
> vous connaissiez une variable globale a paramétré pour éviter que
> plusieurs personnes se connexte a Dolibarr avec le même login de
> différent ordinateur en même temps ?
>     Le premier est connecter et les suivants se voie rejeter l'accés,
> tant que le premier ne s'est pas déconnecter (ou que se session a expiré)
>
> Cdt.
>


-- 
Eldy (Laurent Destailleur).

EMail: address@hidden
Web: http://www.destailleur.fr

Dolibarr (Project leader): http://www.dolibarr.org
To make a donation for Dolibarr project via Paypal: address@hidden
AWStats (Author) : http://awstats.sourceforge.net
To make a donation for AWStats project via Paypal: address@hidden
AWBot (Author) : http://awbot.sourceforge.net
CVSChangeLogBuilder (Author) : http://cvschangelogb.sourceforge.net

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Dolibarr-dev] Only one connection per login ? / Une seule connexion par login, Laurent Destailleur (eldy) <=

Next by Date: [Dolibarr-dev] regarding new idea
Next by thread: [Dolibarr-dev] regarding new idea
Index(es):
- Date
- Thread