This PAS- plugin will reject multiple logins with the same user at the same time. It ensures that only one browser may be logged with the same userid at one time.
This plugin is for use in a Pluggable Authentication Service user folder.
- PluggableAuthService and its dependencies
- optional: PlonePAS and its dependencies
Place the Product directory
NoDuplicateLogin in your
directory. Restart Zope.
In your PAS
NoDuplicateLogin from the add
list. Give it an id and title, and push the add button.
Enable the Authentication plugin and the Credentials Reset interfaces in the after-add screen.
Rearrange the order of your
Authentication Plugins so that the
NoDuplicateLogin plugin is at the top.
That's it! Test it out.
The implementation works like this: Suppose that Anna and Karl are
two people who share a login
annaandkarl in our site. Anna logs
in, authenticating for the first time. We generate a cookie with a
unique id for Anna and remember the id ourselves. For every
subsequent authentication (i.e. for every request), we will make
sure that Anna's browser has the cookie.
Now Karl decides to log in into the site with the same login
annaandkarl, the one that Anna uses to surf the site right now.
The plugin sees that Karl's browser doesn't have our cookie yet, so
it generates one with a unique id for Karl's browser, remembers it
and forgets about Anna's cookie.
What happens when Anna clicks on a link on the site? The plugin sees that Anna has our cookie but that it differs from the cookie value that it remembered (Karl's browser has that cookie value). Anna is logged out but the plugin and sees the message "Someone else logged in under your name".
The default implementation uses a cookie as described above. This should be good enough in most cases, however, it means that you can easily hack the mechanism if you know how it works by simply setting the same cookie value in both browsers. The plugin comes with an experimental session-based mechanism, which you can activate by ticking "session based" in the plugin's properties form.
Thanks to James Cameron Cooper and Enfold Systems for their GMailAuthPlugin which served as the base for this.
Copyright, Author and Licence:
Author: Daniel Nouri
Copyright (c) 2006, BlueDynamics, Klein & Partner KEG, Innsbruck, Austria, and the respective authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
No stable release available yet.
|noduplicatelogin-1.0a2||More about this release…||UNKNOWN||alpha|
|noduplicatelogin-1.0a1||More about this release…||UNKNOWN||alpha|
|1.0-beta1||initial release for testing More about this release…||
|1.0||after some days in production we replaced PersistentMapping by OOBTree. This might help with ConflictErrors we had on hi-load. More about this release…||