|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Concurrent Sessions and User Feedback
From: Gabriel Lawrence <gabe(at)landq.org>
Date: Sat Apr 05 2003 - 14:44:38 EST
Date: Sat Apr 05 2003 - 14:44:38 EST
The way we handle this in some of our applications is the following:
- If they successfully log in with a valid password and username then the message should allow them to kill off the other session. If the uname or password isn't valid see the next entry.
- If the account is locked out, invalid, suspended, or non-existant you should give basically the same message. Something along the lines of "login is invalid, if you are having trouble please contact support at ...."
Hope this helps,
-gabe
Susan Olson wrote:
>I'm looking for words of wisdom/advice/ideas on how to handle this from a security/"best practices" perspective.
>
>Basically, I am evaluating a web application that disallows concurrent sessions; it only allows for one unique logon session to occur at the same time using just one username/password combination.
Received on Sat Apr 5 16:08:26 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |