Force logout a user

On Sat, Jul 7, 2012 at 10:38 AM, Uday Patel <udayjpatel2002@gmail.com>wrote: > I want to force logout a user if he logs in on another machine. I am using > CF9 and session scope to track user user logins. what are the possible ways > of achieving this. Unique CF sessions are tracked using either CF's internal CFID/CFTOKEN or JSessionID as a unique session identifier, depending on how you have configured in in the administrator. These are typically stored as cookies in the visitors browser and are the single best way to determine "unique logins". The visitor's IP address is not a reliable tacking mechanism and should NOT be used for this. The best/simplest way that I can think of to do this is that when the user logs into your website, store that session identifier (CFID/etc) in a database field along with that user's record in the database. Then, on each request, check that user's database record to see if the user's session identifier matches the one in the database. If it does not, log them out. This does require an extra DB hit with each request, and could be replaced by a mechanism that lives in another shared scope like the application scope, but that will require significantly more effort. If your app does not have heavy load, using the database for this should be fine. -Cameron -- Cameron Childress -- p:   678.637.5072 im: cameroncf facebook <http://www.facebook.com/cameroncf>; | twitter<http://twitter.com/cameronc>; | google+ <https://profiles.google.com/u/0/117829379451708140985>;