tokenly / tokenly-cms

GNU General Public License v2.0

ability to sign in on multiple devices #15

Closed cryptonaut420 closed 9 years ago

cryptonaut420 commented 10 years ago

Right now, when a user logs in, a new "authentication key" is generated and saved in the database, which is good for up to 2 hours of no activity. This key is used in the PHP session to determine the account that is logged in. If you log in on a different browser or different computer / device, a new auth key is generated and causes the one saved in the original session to become invalid, effectively logging you out.

This isn't so bad when just dealing with desktop computers, but it has become a problem because the API uses the same authentication method for various user functions, so with the LTB iOS podcast app, if you sign in on there it will log you out of your computer as well, which can get annoying.

We need to rework the authentication system so that there can be multiple authentication keys at the same time. Some users have actually commented that they like the fact that it can only be logged in at one place, for security reasons. It might be cool to have a user setting that allows them to restrict the number of active sessions at once (or maybe just choose between 1 only and multiple). Then everyone is happy!
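
A sketch of the scheme proposed above, added here as an example and not part of the original issue or the tokenly-cms code base: several auth keys per account, each expiring after 2 hours of inactivity, with a per-user cap on active sessions. The `SessionStore` class, its method names and the in-memory array (standing in for a database table) are hypothetical, storing only a hash of each key is a choice made for this example, and PHP 7.4+ is assumed.

```php
<?php
// Added illustration, not tokenly-cms code. SessionStore and its methods are
// hypothetical; the in-memory array stands in for a database table.
final class SessionStore
{
    const IDLE_TTL = 7200; // "up to 2 hours of no activity", per the issue
    // Rows keyed by SHA-256 of the auth key, so stored values are not usable keys.
    private array $rows = [];

    // Issue a key. $maxSessions is the per-user setting (1 = single login only).
    public function login(int $userId, int $maxSessions, int $now): string
    {
        // Drop idle sessions, then collect this user's live ones, oldest first.
        $this->rows = array_filter($this->rows, fn($r) => $now - $r['last'] <= self::IDLE_TTL);
        $mine = array_filter($this->rows, fn($r) => $r['user'] === $userId);
        uasort($mine, fn($a, $b) => $a['last'] <=> $b['last']);
        // Revoke least recently active sessions to leave room for the new one.
        $excess = count($mine) - max(1, $maxSessions) + 1;
        foreach (array_slice(array_keys($mine), 0, max(0, $excess)) as $id) {
            unset($this->rows[$id]);
        }
        $key = bin2hex(random_bytes(32)); // 256-bit random auth key
        $this->rows[hash('sha256', $key)] = ['user' => $userId, 'last' => $now];
        return $key;
    }

    // Return the user id for a live key and slide its idle window, else null.
    public function validate(string $key, int $now): ?int
    {
        $id = hash('sha256', $key);
        if (!isset($this->rows[$id])) {
            return null;
        }
        if ($now - $this->rows[$id]['last'] > self::IDLE_TTL) {
            unset($this->rows[$id]); // expired: remove so it cannot be revived
            return null;
        }
        $this->rows[$id]['last'] = $now;
        return $this->rows[$id]['user'];
    }
}

// Constructed demo: user 7 allows two sessions; a third login revokes the idlest.
$store   = new SessionStore();
$desktop = $store->login(7, 2, 1000);
$phone   = $store->login(7, 2, 1010);
$store->validate($desktop, 1020);        // desktop is now the most recently active
$tablet  = $store->login(7, 2, 1030);    // phone is revoked, desktop survives
var_dump($store->validate($phone, 1040), $store->validate($desktop, 1040));
```

Passing `1` as `$maxSessions` reproduces the current single-login behaviour for users who prefer it, since every new login then revokes the previous key.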