the issue is, the browser is somehow caching data. May be I can open a Modal popup asking them to click on logout. instead of script log out
because they are unable to read message. if I am closing current session where I am trying to log in.
Use the authenticationChallenge function instead, while making sure to supply forceAuth
= True
.
Tip: please see Wiki - how to post code on this forum.
I am having trouble with this. Apparently I don't know where to put the script. I tried the Session Startup script,
And got this error,
saying "No perspective page attached to this thread." (see attached text below)
log_authenticationchallenge.txt (4.3 KB)
Then I tried a view page onStartup event, and got a different error,
The same problem occurs whether on the page or root onStartup event.
Can I see a screenshot of where and how the script is implemented?
authenticationChallenge needs a page in order to run, which doesn't exist on session startup. You can run it from the page startup session event, here:
This is mostly working, but the log is showing the original session is being closed instead of the new session. What I want is to deny the second session from logging in if it is the same user as the original session.
Here you can see the script:
def onPageStartup(page):
logger = system.util.getLogger("PERS PageStartup")
logger.info("STARTUP")
# from https://forum.inductiveautomation.com/t/keep-users-from-logging-in-on-multiple-devices/64013/23
# Opens an authentication challenge in a new tab that will time out in three minutes.
# reference https://docs.inductiveautomation.com/search?q=system.perspective.authenticationchallenge
# system.perspective.authenticationChallenge(forceAuth = True)
for session_obj in system.perspective.getSessionInfo(usernameFilter=page.session.props.auth.user.userName):
logger.info("STARTUP inside FOR user " + str(page.session.props.auth.user.userName))
logger.info("STARTUP session_obj[id] " + str(session_obj["id"]))
logger.info("STARTUP session.props.id " + str(page.session.props.id))
logger.info("STARTUP sessionScope " + str(session_obj["sessionScope"]))
if (session_obj["sessionScope"] != "designer") and session_obj["id"] != page.session.props.id:
logger.info("STARTUP You are limited to one session at a time")
system.perspective.closeSession("You are limited to one session at a time.", sessionId=session_obj["id"])
The first session login shows this in the log:
When I login again with the same user, you can see the session id that gets closed is the original session:
Is there a way to get it working the way I want?
This cannot be made reliable, as sessions can live on well after the browser has closed the tab or shut down. The "disable previous sessions" approach doesn't have this timing problem.
This seems to be working:
def onPageStartup(page):
logger = system.util.getLogger("PERS PageStartup")
logger.info("STARTUP")
# from https://forum.inductiveautomation.com/t/keep-users-from-logging-in-on-multiple-devices/64013/23
# Opens an authentication challenge in a new tab that will time out in three minutes.
# reference https://docs.inductiveautomation.com/search?q=system.perspective.authenticationchallenge
# system.perspective.authenticationChallenge(forceAuth = True)
session_obj = system.perspective.getSessionInfo(usernameFilter=page.session.props.auth.user.userName)
logger.info("AFTER getSessionInfo session.props.id " + str(page.session.props.id))
logger.info("AFTER getSessionInfo user " + str(page.session.props.auth.user.userName))
if len(session_obj) > 1:
logger.info("Session > 1 page.session.props.id " + str(page.session.props.id))
system.perspective.closeSession("You are limited to one session at a time.", sessionId=page.session.props.id)
The log shows this on the first login:
When the same user tries to login in another session, session closes and the log shows:
I do notice a delay on the second session, it takes a few seconds to close the session.
I think this solves the reliability problem Phil brought up. If not, I am not sure how to implement "disable previous sessions". Is there a code example?
If the one user closes their browser, the gateway won't delete the session until it times out (configurable, but not wise to make to short). If they re-open their browser immediately, your code will boot them out.
When a user logs in and prior sessions for them are found, use system.perspective.closeSession to kill off the stale sessions.
This is what I am using now. It ensures the page gets closed regardless of what browser/session is being used:
def onPageStartup(page):
logger = system.util.getLogger("PERS PageStartup")
logger.info("STARTUP")
# from https://forum.inductiveautomation.com/t/keep-users-from-logging-in-on-multiple-devices/64013/23
# Opens an authentication challenge in a new tab that will time out in three minutes.
# reference https://docs.inductiveautomation.com/search?q=system.perspective.authenticationchallenge
# system.perspective.authenticationChallenge(forceAuth = True)
UserName = page.session.props.auth.user.userName
PageID = page.session.props.id
session_obj = system.perspective.getSessionInfo(usernameFilter=UserName)
PageIDs = session_obj[0]["pageIds"]
logger.info("AFTER getSessionInfo session.props.id " + str(PageID))
logger.info("AFTER getSessionInfo user " + str(UserName))
logger.info("AFTER getSessionInfo PageIDs " + str(PageIDs))
if len(session_obj) > 1 or len(PageIDs)> 1:
logger.info("Session > 1 page.session.props.id " + str(PageID))
system.perspective.closePage("User [" + str(UserName) + "] is already logged in. You are limited to one session at a time.")