Limit user logins in torquebox with torquebox sessions


I want to use TorqueBox and limit a user's logins on a JRuby Rails app so that he cannot log in from multiple browsers. I did it with ActiveRecord sessions by keeping track of user IDs and session IDs when someone logged in and invalidating old sessions.

How can I do something similar in TorqueBox? I don't see class methods on the TorqueBox::Session module so I can invalidate other sessions, just ways to access the instance. The mechanics of how the sessions work are not clear. I am looking here: https://github.com/torquebox/torquebox/tree/2x-dev/gems/web/lib


There are 2 best solutions below

0
On

TorqueBox (2.x, at least) stores the Java session ID in session[:session_id]. If you need to get it from Middleware it's available in env['rack.session'][:session_id].

0
On

If you have the current session object stored locally, in say current_session:

TorqueBox::Session::ServletStore.load_session_data(current_session)

This will allow you to view the current session data, and it is accompanied by a sister function which enables you to also set the data in the session store, store_session_data(...):

TorqueBox::Session::ServletStore.store_session_data(current_session, data)

You can also set data to {} (empty hash) to invalidate it (for most intents and purposes).

The availability of a current session object will vary depending on scope. For instance, in a stomplet, I must do some introspection on a subscriber to get the current_session object in order to see the session data:

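class ChatStomplet
  # ...

  # File each new subscriber under the username held in its HTTP session.
  def on_subscribe(subscriber)
    @subscribers[ session(subscriber)[:current_user].username ] << subscriber
  end

  # ...

  # Load the session data hash for the servlet session behind a subscriber.
  def session(subscriber)
    TorqueBox::Session::ServletStore.load_session_data(subscriber.getSession)
  end
end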

You should probably have a peek at the ActionDispatch::Session::TorqueBoxStore api, too.

I haven't personally been able to find much documentation on this. As it is, I'm still looking for a way to find all the currently active sessions. It would help if they would implement AbstractStore's interface, as compatibility with current Rails conventions would go a long way.

I know this isn't a complete answer, but hopefully it will shed some light on your travels.
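One way to get the single-login behaviour the question asks for without enumerating other sessions, shown as an added example that is not part of either answer or of TorqueBox: record the session ID from `env['rack.session'][:session_id]` at login, then have a Rack middleware empty any session whose ID is no longer the registered one for that user. `ActiveSessionRegistry`, `SingleSessionGuard` and the `:user_id` session key are hypothetical names, and the in-memory registry stands in for a shared store (database or cache) that a clustered deployment would need.

```ruby
# Hypothetical registry: user id -> the single session id allowed for that user.
class ActiveSessionRegistry
  def initialize
    @latest = {}
    @lock = Mutex.new
  end

  # Call right after a successful login; the newest login wins.
  def register(user_id, session_id)
    @lock.synchronize { @latest[user_id] = session_id }
  end

  def current?(user_id, session_id)
    @lock.synchronize { @latest[user_id] == session_id }
  end
end

# Rack middleware: empties a session that is no longer the user's registered one.
class SingleSessionGuard
  def initialize(app, registry, user_key = :user_id) # :user_id is an assumed key
    @app = app
    @registry = registry
    @user_key = user_key
  end

  def call(env)
    session = env['rack.session']
    user_id = session && session[@user_key]
    if user_id && !@registry.current?(user_id, session[:session_id])
      session.clear # superseded login: drop its data so the app sees no user
    end
    @app.call(env)
  end
end

# Constructed demo: two browsers, one user; the second login supersedes the first.
def demo
  registry = ActiveSessionRegistry.new
  app = ->(env) { [200, {}, [env['rack.session'][:user_id].inspect]] }
  guard = SingleSessionGuard.new(app, registry)
  browser_a = { 'rack.session' => { session_id: 'A1', user_id: 7 } }
  browser_b = { 'rack.session' => { session_id: 'B2', user_id: 7 } }
  registry.register(7, 'A1')
  first = guard.call(browser_a)[2].first # browser A holds the current login
  registry.register(7, 'B2')             # same user logs in from browser B
  [first, guard.call(browser_a)[2].first, guard.call(browser_b)[2].first]
end
```

Anonymous sessions (no user key) pass through untouched, so the guard can sit in front of the login page itself.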