[Zope] Zope Session
Dieter Maurer
dieter@handshake.de
Wed, 4 Sep 2002 20:21:27 +0200
Ashish Gautam writes:
> My requirement is that any user should be able to login for first time and
> if user tries to login again without loggin off then user must be prevented
> by displaying necessary message.
You probably can do that, but you should *NOT*.
Note that HTTP is stateless.
There is no connection that defines when a user is logged on.
The server would need to maintain the "logged on" state.
But then, you have the following dilemma.
Either, anybody can logout a "logged in" user or
only the "logged in" user can log out itself.
I expect you prefer the second solution. But, when
the server state becomes inconsistent (it thinks the user
is still logged in; but the corresponding client state is
lost), then the user will not be able to login again to
do the log out.
Your admiministrator will often be called to remove stale
logged-in state...
Dieter