-
In a Play application, when using cookie-based sessions, if the user logs in using two different browsers, is it possible that when they logout from one of the browsers, Play invalidates both sessions? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
This is not a Play specific problem. You would have implement a mechasim that tracks all user's session (e.g. based on browser and ip) and then when a user sends a log out request invalidate all of his/her other sessions. Just an idea: See |
Beta Was this translation helpful? Give feedback.
This is not a Play specific problem. You would have implement a mechasim that tracks all user's session (e.g. based on browser and ip) and then when a user sends a log out request invalidate all of his/her other sessions.
Just an idea:
When a user logs in the first time you could save the current timestamp in it's session cookie.
You need to store this current timestamp also in a map or in key/value store or database, etc if they key does not exists yet.
On each request you read this timestampe session value and it has to <= with your saved value otherwise user is logged out.
So when a user logs out you delete the saved timestamp by your app (remove it from the map, etc), which invalidate…