Whats the easiest way of preventing multiple logins in cf?
<cfcomponent>
<cfset This.name = "Name">
<cfset This.Sessionmanagement="True">
<cfset This.loginstorage="session">
<cfset This.sessionTimeout = "#CreateTimeSpan(0, 0, 50, 0)#">
<cfset This.applicationtimeout="#createtimespan(0,0,50,0)#">
<cfset This.scriptProtect = "All">
<cffunction name="OnRequestStart">
<cfargument name = "request" required="true"/>
<cfif IsDefined("Form.logout")>
<cflogout>
<cfset StructClear(Session)>
<cflocation url="/" addtoken="no">
</cfif>
<cflogin>
<cfif NOT IsDefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<cfif cflogin.name IS "" OR cflogin.password IS "">
<cfoutput>
You must enter text in both the User Name and Password fields.
</cfoutput>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<cfquery name="loginQuery" dataSource="datadsn">
SELECT *
FROM userlogin
WHERE
UserID = <cfqueryparam value="#cflogin.name#" cfsqltype="CF_SQL_VARCHAR">
AND Password = <cfqueryparam value="#hash(cflogin.password)#" cfsqltype="CF_SQL_VARCHAR">
AND trenabled = <cfqueryparam value="1" cfsqltype="CF_SQL_VARCHAR">
<!--- Project ID--->
AND projectid = <cfqueryparam value="23" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<cfset loginpass = #hash(cflogin.password)#>
<cfset comparison = Compare(loginQuery.Password, loginpass)>
<cfif loginQuery.trRoles NEQ "" AND comparison EQ 0>
<cfloginuser name="#cflogin.name#" Password = "#loginpass#" roles="#loginQuery.trRoles#">
<cfelse>
<cfoutput>
Your login information is not valid.<br>
Please Try again.
</cfoutput>
<cfinclude template="loginform.cfm">
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
<cfif GetAuthUser() NEQ "">
<cfoutput>
<form method="Post">
<input type="submit" Name="Logout" value="Logout">
</form>
</cfoutput>
</cfif>
</cffunction>
<cffunction name="onSessionEnd" returnType="void">
</cffunction>
</cfcomponent>
Where I work they have strict requirements about limiting the number of logins by a single user to a single application. I approached this problem this like this:
1) Have a user login table that holds user info and a field that called "last update" and "Logged in". When the user logs in the "last update" with the current time date and the "logged in" with a 1. This prevents that user from logging in again.
2) Create a jquery ajax call to update the database field "last update" with a new time date stamp. This happens on a schedule (like every 1 min).
3) Last thing I had to do was schedule a task that checked to see if last update for active logins (in the database) was greater than a fixed period of time, if it was that users "Logged in" status was changed from 1 to 0 (allowing them to login again). The reason why this is important is you cannot assume the user will always click "logout" when they leave. Sometimes they just close their browser or navigate away. When this happens if they attempted to come back to the application they would not be able to login again (because the database thinks they are logged in already).
Hope this gets you going in the right direction.