I am using Rails Authlogic and i want to prevent same user to log in twice at the same time ,I found a way to invalidate all user session and allow only the new one (sign out the user from any other device and only allow the new one) but that not what i want ,i want to prevent the new log in and keep the already logged in
You may refer this site. I think this site is suitable for your question click here
Related
How do I configure Devise so that if a user signs in from another device (not Devise!) and has failed to log out from that other device such that the user is asked if a forced log out of the OTHER log-in should be done?
I assume Devise can detect that a new session is about to be created. Is my assumption correct?
Basically, I need only a single user signed in to be using my application at any one time. Is this possible to do? That is, if I have two valid users x1#xyz.com and x2#abc.com, the two users can both be signed in at the same time but x1#xyz.com and x2#abc.com can each be only signed in once.
You can use this gem: https://github.com/phatworx/devise_security_extension
specifically the :session_limitable module
Context
I am using Parse.com as my backend for a mobile app. I use Facebook login only for now.
Assuming the user has logged in with Facebook and now has an account created on Parse already.
Question
Every time the user opens the app, should I do a check if his account is still valid by using PFUser.currentUser().become()? Or should I use the cached PFUser.currentUser()?
I have found out that if I delete the user account in the Parse backend, if I don't do a become(), the PFUser.currentUser() is still valid, even if the account does not exist anymore.
What is the best practice?
It's generally better to add a column to the user such as 'disabled', and when the app starts you can refresh the user, check that flag and display a message to the user and logout. That, from a user point of view, is similar to using become (at least as long as you check and notify the user).
So, you should do something if you're going to be removing or disabling users in the background. The main question is wether you fully delete the account or just delete the contents but leave the (empty) user in the system as a record.
I am very new to Rails and before I get deep into the building process, would like to know if anyone knows of a way (or any articles--I've been searching and can't find exactly what I'm looking for) to do the following:
1) have a user login using omniauth
2) after logging in directing the user to set an anonymous username that will what shows for this user throughout the activity in the application (all omniauth use info remains private)
Is there a way to do this? I found this question login using facebook or create an account but I'm essentially having them login using facebook AND set an account of a sorts.
If anyone has any resources that could point me in the right direction, I'd appreciate it!
I'm currently working on a RoR app that is only going to be used inside the Facebook Canvas. To model the users I use Devise. Now, I'm aiming at making the signup & login process easy as pie. If my prospective users open the app, he/she should be prompted to authorize the app to access name and email. If this happens a user should be created with the name, fb_uid and email. Every time this user now comes back to the canvas app he should be signed in.
How do I accomlish this?
Please help - looked at koala, omniauth, the javascript and php sdks -> my brain just feels fried...
This railscasts episode shows you how to easily put together the authentication system using omniauth-facebook. I actually just used it today as well. Let me know if you have any more specific questions.
http://railscasts.com/episodes/360-facebook-authentication
Within my rails app, I would like the user to be able to browse and explore without signing in, However, when the user is trying to create a record, it should let him save it only after he/she is signed in. If the user is not signed in, then it should route him to the signup process. The user should not go through the trouble to creating the record all over again.
For example, the user can go to any shopping site, add items to the cart. While checking out, the user is prompted to signup/ sign in. Even if the user is routed to the sign up page, The items are still present in the cart (the user doesn't have to add them agn)
Is there a gem for that? or how can this be achieved in a rails app.
Shortly, what you have to do is to create a guest user instance for every user which is not logged in and visits your site. You treat this user as if it was a registered user, persisting everything to the database accordingly. Then when the user comes to the point he has to register you alter his guest user details on the database, this way everything he has done as a guest will remain the same.
You can find a screencast explaining exactly how you can achieve your goal here: Guest User Record - RailsCasts
You could store this info in your session, then when the user signs up and logs in to the site , you could show the stored info in the session.