kick off already sign on user

kuzniz · Postby **kuzniz** » 07 Mar 2013, 23:37

Hi,

I would like to enable the user to always log in , so if he is already login in a different session his old session would be kick off.

is it possible ? how ?

shachar

kuzniz · Postby **kuzniz** » 08 Mar 2013, 07:49

I got the "force logout" flag in the zone config, it solve my problem

Postby **Lapo** » 08 Mar 2013, 09:04

Hi,
yes the "force Logout" is the feature you are looking for.

nekokiller · Postby **nekokiller** » 26 Mar 2013, 06:52

Hi, Lapo:

I have turn on the 'Force logout' option, and it works fine.
But the user who be kicked off, got the reason is 'unknown' when connection lost event .
How can I change the reason string when user be force logout by smartfox server?

Postby **Lapo** » 26 Mar 2013, 09:01

Yes, the reason unknown is due to the fact that there's no time to send a "reason" notification while the other client is waiting to enter the system, therefore the former user will not receive any reasons for the disconnection.

Since it's the same client that is logging in from a different place, it goes without saying that the reason for the disconnection is the new login.

Hope it helps

nekokiller · Postby **nekokiller** » 26 Mar 2013, 09:24

Lapo wrote:Yes, the reason unknown is due to the fact that there's no time to send a "reason" notification while the other client is waiting to enter the system, therefore the former user will not receive any reasons for the disconnection.

Since it's the same client that is logging in from a different place, it goes without saying that the reason for the disconnection is the new login.

OK~
So if we want to tell the former user : there is another user use your account to login, please change your password to protect your account from hacker.
To do this , what is your suggestion ?

Postby **Lapo** » 26 Mar 2013, 10:17

This is not very clear.
If you allow users in your system to connect from different places why would you suspect that, when this is done, it is an hacking attempt?

I think a variable is missing here.
For example you can read my email from multiple locations, right? The email server does not suppose that because you're connecting from 2 different places, someone has stolen your identity.

The same goes here: the security of the access is anyways always guaranteed by the name/password pair. In order for someone to steal somebody's else credentials there must be a vulnerability somewhere, and the first place to look into is the registration process.

Your sign-up process shouldn't allow for too short, too obvious passwords. That's a very good start. Require each user to provide a strong-enough password with at least 2 alphanumeric characters and a minimum of 8 char as the length.

Also user password are highly secure, as no one watching the network stream will be able to capture them.

nekokiller · Postby **nekokiller** » 26 Mar 2013, 10:54

Lapo wrote:This is not very clear.
If you allow users in your system to connect from different places why would you suspect that, when this is done, it is an hacking attempt?

I think a variable is missing here.
For example you can read my email from multiple locations, right? The email server does not suppose that because you're connecting from 2 different places, someone has stolen your identity.

The same goes here: the security of the access is anyways always guaranteed by the name/password pair. In order for someone to steal somebody's else credentials there must be a vulnerability somewhere, and the first place to look into is the registration process.

Your sign-up process shouldn't allow for too short, too obvious passwords. That's a very good start. Require each user to provide a strong-enough password with at least 2 alphanumeric characters and a minimum of 8 char as the length.

Also user password are highly secure, as no one watching the network stream will be able to capture them.

Thank you, I know your point, and sorry for that my concern is not about the hacker.
There is some thing special in our online game project.
We have our auto reconnect mechanics running in the backgroud when connection lost event happened with unknown reason .
Therefore, when two users login with the same account from different locations ( different ios device ) , they will try to kick off one another repeatly.
( Sometimes we are just do some testing with the same account, or sometimes we forget that account is already login and running on another device.)

nekokiller · Postby **nekokiller** » 26 Mar 2013, 11:08

HI, Lapo:

I wrote some code to inform the former user the disconnection reason is 'kick' , when another user login with the same account:

UserLoginHandler:

Code: Select all


System.out.println("current user ip: " + session.getFullIpAddress());

String login_name = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
User formerUser = this.getApi().getUserByName(login_name);
if(formerUser != null)
{
   System.out.print("formerUser ip: " + formerUser.getIpAddress();
   this.getApi().disconnectUser(formerUser, ClientDisconnectionReason.KICK, formerUser);
}

And it seems to work.
When client received the reason 'kick', then it knows it should stop the auto reconnect mechanics, and tell the player what happened.

kick off already sign on user

kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Re: kick off already sign on user

Who is online