I have hosted a Rails application, an online examination system. The users need to get registered to get access to the system. So each user will be provided with a unique combination of credentials. Let us assume my user-name/password is demo/demo123. I want my app to block another person from logging in to the system even if he knows my credentials. Is there any solution for such a scenario?

Thanks for any help :)-


Solution

Using a cookie would be a better solution. When the user gets registered, create a cookie value specific to the user and system, in encrypted format (for security reasons), and save it in the database corresponding to that user. Check for this cookie token while logging in. When the user clears the cookie, s(he) can request the administrator to clear out the DB cookie so that a new one can be created.

Using IP will not be a better solution, since in a network there can be dynamic IPs allocated to the PCs.
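The cookie check described in the answer above, as an added Ruby example that is not part of the original post. It assumes a hypothetical `DeviceBinding` class standing in for the users table, and it stores a SHA-256 digest of a random token instead of the encrypted value the answer mentions, so the database never holds a usable cookie.

```ruby
require 'securerandom'
require 'digest'

# In-memory stand-in for the users table (hypothetical; a Rails app would keep
# a device_token_digest column on its user model instead).
class DeviceBinding
  def initialize
    @digests = {} # username => SHA-256 hex digest of the bound device token
  end

  # Registration: mint a random token, keep only its digest server-side and
  # return the raw token to be set as an HttpOnly, Secure cookie.
  def enroll(username)
    raise ArgumentError, 'a device is already bound' if @digests.key?(username)
    token = SecureRandom.hex(32)
    @digests[username] = Digest::SHA256.hexdigest(token)
    token
  end

  # Login: call only after the password check has passed.
  def allowed?(username, cookie_token)
    stored = @digests[username]
    return false if stored.nil? || cookie_token.to_s.empty?
    constant_time_equal?(stored, Digest::SHA256.hexdigest(cookie_token.to_s))
  end

  # Administrator action after the user cleared the cookie: drop the binding
  # so the next enroll issues a fresh token.
  def reset(username)
    @digests.delete(username)
  end

  private

  # Compare without returning early on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  db = DeviceBinding.new # constructed sample account below
  cookie = db.enroll('demo')
  puts db.allowed?('demo', cookie)               # browser used to register
  puts db.allowed?('demo', SecureRandom.hex(32)) # same password, other browser
end
```

In a Rails controller the token returned by `enroll` would be written to the cookie jar at registration and read back from the request at login.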

Other tips

You could record the user's IP address in the database when they first log in, and only allow logging in using the same credentials but from a new IP address after some waiting period of, say, 1 hour, or until the current examination is complete. That should prevent more than one user being logged in to the same user account within a short time period.

The user's IP address can be accessed in a Rails controller using request.remote_ip.

You could use the lock gem to add a password to the entire application.

First, add to your Gemfile.

gem 'lock'

Then

bundle install

Next, create your password

rails g lock:create_password_file yourpasswordhere

Finally, add lock to your application controller, or whatever you'd like (see documentation).

class ApplicationController < ActionController::Base
  lock
end
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow