I want to use torquebox and limit a user's logins on a jruby rails app so that he cannot login from multiple browsers. I did it with activerecord sessions by keeping track of user id's and session id's when someone logged in and invalidating old sessions.
How can I do something similar in Torquebox? I don't see class methods on TorqueBox::Session module so I can invalidate other sessions, just ways to access the intance. The mechanics of how the sessions work are not clear. I am looking here: https://github.com/torquebox/torquebox/tree/2x-dev/gems/web/lib
If you have the current session object stored locally, in say
current_session:This will allow you to view the current session data, and it is accompanied by a sister function which enables you to also set the data in the session store,
store_session_data(...):You can also set
datato{}(empty hash) to invalidate it (for most intents and purposes).The availability of a current session object will vary depending on scope. For instance, in a stomplet, I must do some introspection on a subscriber to get the
current_sessionobject in order to see the session data:You should probably have a peek at the
ActionDispatch::Session::TorqueBoxStoreapi, too.I haven't personally been able to find much documentation on this. As it is, I'm still looking for a way to find all the currently active sessions. It would help if they would implement AbstractStore's interface, as compatability with current Rails conventions would go a long way.
I know this isn't a complete answer, but hopefully it will shed some light on your travels..