-3

I'm trying to avoid two or more logins with the same user at a time using FOSUserBundle in Symfony 2.4. I don't know how to access info related to authenticated users, or how to log out if the user who recently logged in was previously authenticated. What am I missing?

Michel
  • Don't you realize how bad that is? Say, session expires, but the state (DB presumably) was not cleared - you could end up locked out for some time (hours, days,...). You probably thought about many things, so, start by writing them here. Then, we could help building those up... – Jovan Perovic Sep 03 '15 at 19:05

1 Answer

0

[edit]

Reading your question again, I am not sure what you want. The answer I wrote below keeps the latest login alive and logs the older logins off.

[/edit]

A user that is logged in has:

a) started a session on the web server

b) identified himself by entering a correct username and password combination.

Knowing that, we also know that a user who is logged in has a variable stored in the session (probably user_id).

Now if you want to log out other sessions (with the same user_id) when a user logs in in another session, you do have a problem, since sessions are not made to share information with other sessions.

The solution could be to add a column to your database 'users' table that can hold a random hash. Then, if a user logs in, you need to save a new hash in the database and also save the hash into the session.

Secondly, you have to compare the session hash with the database hash for every new request. If the two are different and the user is still logged in, then you have to log the user out.

I think you can make this work with the following event listeners (but I never tried to accomplish this):

Community
Frank B
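The hash-per-login scheme described in the answer above, as an added example that is not part of the original answer or of FOSUserBundle. It is plain PHP (7.1+ assumed) with in-memory arrays standing in for the 'users' table and the sessions; the class, method and `login_token` names are hypothetical.

```php
<?php
// Added example: in-memory stand-ins for the 'users' table and per-browser sessions.
// All names (SingleSessionGuard, onLogin, checkRequest, login_token) are hypothetical.

final class SingleSessionGuard
{
    /** @var array stand-in for the users table: userId => ['login_token' => string|null] */
    private $users;

    public function __construct(array $users)
    {
        $this->users = $users;
    }

    /** Call after a successful password check: rotating the token makes older sessions stale. */
    public function onLogin(int $userId, array &$session): void
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->users[$userId]['login_token'] = $token; // "save a new hash in the database"
        $session = ['user_id' => $userId, 'login_token' => $token]; // "...and into the session"
    }

    /** Call on every request: true only if this session belongs to the latest login. */
    public function checkRequest(array &$session): bool
    {
        if (!isset($session['user_id'], $session['login_token']) || !is_string($session['login_token'])) {
            return false; // anonymous or malformed session
        }
        $stored = $this->users[$session['user_id']]['login_token'] ?? null;
        if (!is_string($stored) || !hash_equals($stored, $session['login_token'])) {
            $session = []; // log this session out; a real app would also invalidate the session id
            return false;
        }
        return true;
    }
}

// Constructed scenario: the same user (id 42) logs in from two browsers.
$guard = new SingleSessionGuard([42 => ['login_token' => null]]);
$browserA = [];
$browserB = [];

$guard->onLogin(42, $browserA);
var_dump($guard->checkRequest($browserA)); // A is the only login so far
$guard->onLogin(42, $browserB);            // second login rotates the stored token
var_dump($guard->checkRequest($browserA)); // A no longer matches and is logged out
var_dump($guard->checkRequest($browserB)); // B, the latest login, stays authenticated
```

Because each login overwrites the stored token, an expired or abandoned session never blocks a new login; it only loses its own access on its next request.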