[Zope] Zope Session

Dieter Maurer dieter@handshake.de
Wed, 4 Sep 2002 20:21:27 +0200


Ashish Gautam writes:
 > My requirement is that any user should be able to login for first time and
 > if user tries to login again without loggin off then user must be prevented
 > by displaying necessary message.
You probably can do that, but you should *NOT*.

  Note that HTTP is stateless.
  There is no connection that defines when a user is logged on.

  The server would need to maintain the "logged on" state.
  But then, you have the following dilemma.
  Either, anybody can logout a "logged in" user or
  only the "logged in" user can log out itself.

  I expect you prefer the second solution. But, when
  the server state becomes inconsistent (it thinks the user
  is still logged in; but the corresponding client state is
  lost), then the user will not be able to login again to
  do the log out.
  
  Your admiministrator will often be called to remove stale
  logged-in state...


Dieter