Devise support for multiple concurrent sessions - ruby-on-rails-3

I'm using Rails 3.2.11 with Devise 2.2.3 for a subscription service application. I inherited the app from another developer who is no longer available. I am new to Rails and Devise.
I want to allow a single user (email) to have more than one session to the same app, running concurrently. The sessions may all have the same IP address or different IP addresses, though probably different devices -- desktop, laptop, tablet, smart phone.
I want to treat each session independently, so the user can sign on and off one session without affecting any work in progress on another session.
Question: Does devise support multiple concurrent sessions normally? Do I have to customize any code or config?
When I look at the User model, I see single attributes for "current_sign_in_at", "current_sign_in_ip" and "authentication_token" -- this makes me think a single User can only have one session at a time.
I've looked at this discussion and at the devise wiki but haven't found an answer.

Yes, Devise allows multiple concurrent sessions for the same user by default. Then, if you want to restrict this behavior, you need to use an extension such as devise_security_extension.
I'm using Rails 3.2.17 with Devise 3.2.2

Related

Non-login users for devise

I'm using devise on Rails 4.0. I need non-login users, that is, people who are considered part of a team but never need to log in or interact with the app, they just get emails, appear in different lists and so on (in the future, however, they can potentially become users).
Ways I'm guessing how to do it are to:
programmatically add them, then -
possibly generate the devise views so I can alter them for non-login users?
write the controller to block non-login users?
I need to know what would be the basic steps for implementing non-login users.

Using Spree Commerce without users

I need to set up a website that offers buying based on the session and that's it.
No users, no authentication. You buy with the cart you built in the session.
I haven't actually tried anything.
Please give me an idea of what I can try.
I'm running
RoR 4.0.0
Spree 2.1.2
Spree doesn't technically require a user account; the default behavior is to allow creating an account or checking out as a guest (just specifying an email address).
How important is it to not have accounts? In general, people like having an account that they can use to access their order history, etc.
If you truly don't want this functionality, the easiest approach would be to simply hide the login form (using deface) and remove the route.

devise + captcha + on x wrong passwords?

Are there any good resources or tutorials, or has anyone tried to implement a captcha on Devise when a user enters x wrong passwords?
The idea is that the captcha shows up on too many requests, to keep bots or other bad guys out and limit the number of requests on the Devise sign-in page.
I can think of doing that in two ways:
The first one is based on the failed_attempts attribute (so you should increment it after each unsuccessful login). To use it with Devise, you may create your own FailureApp, overriding the respond method to increment the failed_attempts attribute on the user. When the user reaches the captcha limit, you may set a flash attribute to signal this, and then decide in your controller about the captcha. But there is a problem with this approach: since it logs per user, it won't work for a user trying different logins.
The second one is based on the IP: for each unsuccessful login, you keep a record of IPs and unsuccessful attempts, and when an IP reaches a limit you set the already mentioned flash attribute to signal that the number of requests from that IP has reached the limit, so you can show the captcha. You can use ActiveRecord and a relational database, or even something lightweight like Redis, to do that. You may also think about ways to remove old data from this database.
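The IP-based approach from the answer above, including the removal of old data, as an added example that is not part of the original answer. The in-memory Hash stands in for Redis or a database table, and the class name, limit and window are assumptions chosen for illustration.

```ruby
# Added example: per-IP failed-login tracking to decide when to show a captcha.
# The Hash stands in for Redis or a table; all names here are hypothetical.
class FailedLoginTracker
  def initialize(limit: 3, window: 600, clock: -> { Time.now.to_f })
    @limit  = limit   # failures allowed before a captcha is required
    @window = window  # seconds a failure stays relevant
    @clock  = clock   # injectable so the expiry logic can be tested
    @failures = Hash.new { |hash, ip| hash[ip] = [] }
  end

  # Call from the failure path (e.g. a custom failure app) on every bad login.
  # Returns true once this IP has reached the limit.
  def record_failure(ip)
    prune(ip)
    @failures[ip] << @clock.call
    captcha_required?(ip)
  end

  # Call before rendering the sign-in form or accepting a login POST.
  def captcha_required?(ip)
    prune(ip)
    @failures.key?(ip) && @failures[ip].size >= @limit
  end

  # Number of IPs currently tracked; shows that expired data is removed.
  def tracked_ips
    @failures.keys.each { |ip| prune(ip) }
    @failures.size
  end

  private

  # Drop failures older than the window and forget IPs with none left.
  # A successful login deliberately does not reset the counter: one valid
  # account would otherwise let a client clear its own failure history.
  def prune(ip)
    return unless @failures.key?(ip)
    cutoff = @clock.call - @window
    @failures[ip].reject! { |t| t <= cutoff }
    @failures.delete(ip) if @failures[ip].empty?
  end
end
```

Behind a proxy or load balancer, the key must be the client address the proxy reports, otherwise every visitor shares one counter.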

Using the same credentials to login to two Joomla! sites (1.5 & 1.6)

I am looking for a way for my users to be able to login to both of my Joomla sites (one running 1.5 and the other 1.6) using the same credentials. For example, if a user registers to my Joomla1.5 portal, when they use that same info for my Joomla1.6, they get logged in without having to re-register and vice versa.
I guess an authentication plugin would be the best solution in combination with an XML-RPC service? Joomla1.5 site's plugin is triggered which "communicates" with the Joomla1.6 site where the user is already registered, if the credentials check out, a new user is created and the user automatically gets logged in.
Thanks in advance for any ideas/help.
You are trying to do two very different things that will require two very different plugins. First, you need a bridge to handle user table synchronization. You not only have to create a user for each site, you have to sync everything about both accounts each time anything changes. This would include changing email address, password, or even user name plus any other related data such as the user groups that the user belongs to. A good place to start would be jFusion, which is designed to bridge Joomla with other software packages but can certainly be modified to bridge Joomla sites. JFusion also has the added advantage of creating user sessions for each connected software package for a single unified login, which would be the second piece of the puzzle you would need to solve once you get the users sorted out.
http://www.jfusion.org/

Devise - Restrict multiple sessions for same user

I have a subscription based app, charged on the basis of number of users added.
I want to restrict users to single session.
How do I implement it? I am using Devise for authentication.
Thanks..
There is a devise extension with session limit support
https://github.com/phatworx/devise_security_extension
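Since Devise allows concurrent sessions by default (see the first answer on this page), limiting a user to one session needs server-side state that a newer login can invalidate. The sketch below is an added example of one such "last login wins" scheme. It is not code from Devise or from the extension linked above, and the `User` struct, the session Hash and the `SingleSession` module are constructed stand-ins.

```ruby
require "securerandom"

# Added example: last-login-wins session limiting, independent of Devise.
# User and the session Hash stand in for the model and the cookie session.
User = Struct.new(:email, :session_token)

module SingleSession
  # On successful sign-in: rotate the token on the user record and copy it
  # into this browser's session. Older sessions now hold a stale token.
  def self.sign_in(user, session)
    user.session_token = SecureRandom.hex(32)
    session[:session_token] = user.session_token
  end

  # On every authenticated request: the session is valid only while its
  # token matches the one stored on the user record.
  def self.current?(user, session)
    presented = session[:session_token].to_s
    expected  = user.session_token.to_s
    return false if expected.empty? || presented.bytesize != expected.bytesize
    # Compare without an early exit so timing does not reveal a partial match.
    presented.bytes.zip(expected.bytes).sum { |a, b| a ^ b }.zero?
  end

  # Signing out a stale session must not end the active one, so the stored
  # token is cleared only when the caller holds the current token.
  def self.sign_out(user, session)
    user.session_token = nil if current?(user, session)
    session.delete(:session_token)
  end
end
```

In a Rails app the `current?` check would run in a `before_action`, with a failed check treated as signed out.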