tags:

views:

1118

answers:

3
+1  Q: 

Authlogic: Assuring that a user can't log in twice.

Is there an easy way in Authlogic (haven't found nothing browsing the docs) to assure that a UserSession can't be created if the User already has an UserSession object?

In other words: I want to make sure that a user can't log in twice with the same credentials.

UPDATE: Check the comments on thief's answer to find the solution to this problem.

+3  A: 

in your user sessions controller:

    before_filter :require_no_user, :only => [:new, :create]

in your app controller:

def require_no_user
  if current_user
    store_location
    flash[:notice] = "You must be logged out to access this page"
    redirect_to account_url
    return false
  end
end
thief  2009-06-23 16:46:32
In addition, it's probably best to hide the login links as well, when someone is logged in.
Steve Klabnik  2009-06-23 19:42:35
@thief: Could you elaborate? I don't understand how this will keep X to log in as Alice on client B while Y is already logged in as Alice on client A.
Javier  2009-06-23 22:55:11
I misunderstood your question. In this case a callback is the way to go. eg: in your UserSessionModel use the callback 'before_persisting' to check if the account is logged in on another machine with the AuthLogic method 'logged_in?' - http://authlogic.rubyforge.org/classes/Authlogic/ActsAsAuthentic/LoggedInStatus/Methods/InstanceMethods.html::
thief  2009-06-24 11:16:05
A: 

To my mind a cleaner approach is to use callbacks in the UserSession class. Like, you can define a before_create callback there, and mark the model as invalid in appropriate case. Haven't tried this out myself, though. Here are the docs for the Callbacks module.

neutrino  2009-06-23 17:01:48
Yes, but you can use your require_no_user method anywhere that it is required that a user is not logged in, also it pairs well with its opposite: require_user
thief  2009-06-23 17:30:25
I agree. Nothing to add here.
neutrino  2009-06-23 20:43:51
A: 

Sorry to rehash the question, but I'm having some trouble getting this to work in my app. I understand the logic - use a callback to check if the user's already logged in - but I can't seem to figure out how to write it.

Could someone elaborate a bit?

Cory Schires  2009-10-03 01:18:05
If you have some specific questions/problems about the implementation better start a new question about it, more people will see it that way. The "Ask Question" button is in the top right of the page.
sth  2009-10-03 01:38:47
Look for the "current_user" method in Authlogic. That will probably answer your question. If not, starting a new question and asking specifically what your problem is will probably solve your problem and help others having the same problem.
Javier  2009-10-05 01:21:56

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.