I have a REST API I've created, and am selling access to it. One of my clients is a mobile developer, with plans for their app to use a single user account for API communications.
Typical use case for their mobile app is proposed to be:
1) login
2) do api operations
3) logout
My question relates to steps 1 & 3 above: will that work with a single user account, and multiple mobile devices using the same user account? Will the logout by one device also log out all other "logged in" devices?
I'm thinking they may need a unique user account for each mobile device, or I get rid of the login/logout and we devise some additional authentication verification to ensure only authorized API users are allowed to use the API.
Thoughts?

Comments
I need the same thing
My application also needs to have multiple, simultaneous logins to the same account from a mobile client application via the services module.
Did you find any solution?
Solution found
Ok, so we found a hack solution that works for us. We modified services/resources/user_resource.inc _user_resource_login function and commented out the test at the beginning of the function which tests to see if the user is already logged in.
We tested it with 4 separate mobile devices logging into the same account via the service and they all worked. Additionally, if one user logs out, the other users are still able to continue their authenticated session (:
Since hacking the services module is not a good idea, we'll probably write our own login resource module to do this so we can leave the services module alone.
From my experience, there is
From my experience, there is no problem here. One user can have multiple open sessions - you can actually try it by logging in with the same user from multiple computers. Logout from one of them won't affect the second.
Unless you encounter any specific problem, I think you have nothing to worry about.
Are you talking about
Are you talking about multiple, simultaneous login via the services module? By default, services module will NOT allow this; it will return a 406 error.
I'd swear my clients are doing this...
I'd swear my clients are doing this, simultaneous logins with the same user, in an unaltered Services, latest version. (I'm running it on D6 tho...)
Ah, I'm using D7.15 with
Ah, I'm using D7.15 with Services 3.1...I had to hack the services module and comment out this test:
if ($user->uid) {
  // user is already logged in
  return services_error(t('Already logged in as @user.', array('@user' => $user->name)), 406);
}
I should probably take a
I should probably take a look, just to be sure...
...and that logic was in my
...and that logic was in my D6 version. Not any more...
Are you saying you had to
Are you saying you had to hack your services module also?
yes.
yes.
Yeah, since posting that I
Yeah, since posting that I found it not to be an issue. The "issue" was my clients reusing session ids and then wondering why everyone was logged out when one of them logged out.
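
The three behaviours discussed in this thread, as an added example that is not from any of the posts and is not Drupal or Services code: a small in-memory model in which separate logins get independent sessions, a copied session id is ended for every device by one logout, and a login request that already carries a live session is refused with 406. The class and function names are hypothetical, and the 406 guard assumes the quoted check fires when the login request itself presents a valid session.

```python
import secrets

class AlreadyLoggedIn(Exception):
    """Models the 406 'Already logged in' reply quoted in the thread."""
    status = 406

class SessionStore:
    """Hypothetical in-memory session table: session id -> account name."""
    def __init__(self):
        self._sessions = {}

    def login(self, account, presented_sid=None):
        # Assumed guard: a request already carrying a live session is refused.
        if presented_sid in self._sessions:
            raise AlreadyLoggedIn(f"Already logged in as {account}.")
        sid = secrets.token_urlsafe(32)  # fresh, unguessable id per login
        self._sessions[sid] = account
        return sid

    def is_authenticated(self, sid):
        return sid in self._sessions

    def logout(self, sid):
        # Ends only the session named by this id, not every session of the account.
        self._sessions.pop(sid, None)

def independent_devices():
    """Each device logs in on its own; one logout leaves the other valid."""
    store = SessionStore()
    a = store.login("api_user")  # constructed account name
    b = store.login("api_user")
    store.logout(a)
    return a != b, store.is_authenticated(a), store.is_authenticated(b)

def shared_session_id():
    """Two devices reuse one copied session id; one logout ends it for both."""
    store = SessionStore()
    device_a = device_b = store.login("api_user")
    store.logout(device_a)
    return store.is_authenticated(device_b)

def relogin_with_live_session():
    """A login request that already carries a live session gets 406."""
    store = SessionStore()
    sid = store.login("api_user")
    try:
        store.login("api_user", presented_sid=sid)
    except AlreadyLoggedIn as exc:
        return exc.status
    return 200
```

On the client side this means each device keeps the session id from its own login and does not send it along with a new login request.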