Coldfusion Flex app help?!

Hi There, We're looking to secure a flex app with a coldfusion/mssql back end and we could really appreciate some help. We require registered users to only get 1 concurrent use. So if someone else logs on with the same username and password when they are in the app they are refused entry. The tricky bit is logging off - we don't want the user to be locked out if they close the browser without logging out of the app? Any suggestions or pointers as to how would be the best way to approach this would be welcome. Dave.

> Any suggestions or pointers as to how would be the best way to approach > this would be welcome. AJAX call to log them out triggered from the onUnLoad browser event (or similar) ? -- Tom Chiverton **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged.  If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents.   If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com.

>> Any suggestions or pointers as to how would be the best way to approach >> this would be welcome. > AJAX call to log them out triggered from the onUnLoad browser event (or > similar) ? Even that might not fire.  You're going to need to beg them to click the logout button.  Other than that, simply set your session timeout to a reasonable setting.  If they pull the plug on their computer, worst case scenario is they would have to wait until their session timed out. As an alternative, I suppose you could either have some override they could perform that would kick the other user off the system-- not sure how to accomplish.  Perhaps an application variable that is checked on every call. Or you could set up some sort of polling in the app that would periodically hit the server and say "I'm still here".  An unwanted by-product of this might be that the session would NEVER expire as long as the app was open, but when it closed, you could see that it hadn't checked in for the past 5 minutes or whatever and assume they had closed the window.  You might need a regularly scheduled job to keep track of all that stuff though.  If your server restarted during the day, it might be a real pain to pick back up with who was on and off unless you track in the database. ~Brad

We do something similar to Brad. When the user is doing things we have a function that updates a login_security table to show they are still active. We have a Scheduled task that checks the table and clears it once their last active reaches x amount of mins. To combat the Lockout we used our security question and username in a form ,like a reset password, to allow the user to clear his entry in the login_security. Not sure how you would handle the Flex app making calls with HTTPService or just create the last_active function in CF and tie it into the CF functions supporting the flex app Eric

Use the Timer class and run your security call every X minutes on an interval. !k We do something similar to Brad. When the user is doing things we have a function that updates a login_security table to show they are still active. We have a Scheduled task that checks the table and clears it once their last active reaches x amount of mins. To combat the Lockout we used our security question and username in a form ,like a reset password, to allow the user to clear his entry in the login_security. Not sure how you would handle the Flex app making calls with HTTPService or just create the last_active function in CF and tie it into the CF functions supporting the flex app Eric

----- Excess quoted text cut - see Original Post for more ----- Just want to say thanks for all the replies. Dave