[UPHPU] Best way to prevent multiple logins from the same account.

phpninja phpninja at gmail.com
Thu Apr 5 19:02:06 MDT 2007


Ken, This is what I thought might be the case. I read something about
the OnUnload function but it doesn't appear to work in all browsers. Thanks
for the reply.

-phpninja

On 4/5/07, Ken Snyder <ksnyder at coremr.com> wrote:
>
> phpninja wrote:
>
> Hello all, I have been hacking some code around to see if it is possible to
> prevent multiple logins from the same account. ...
> My problem is when a user clicks the X
> button, or hits alt + 4, I do not think javascript can pick that up right to
> set the logged in status to no via xmlhttp. Has anyone figured this out, or
> is it not possible the way I am trying to do it? Thanks in advance.
>
> Ninja,
>
> In the stateless context of web development, it is impossible to rely on
> the client for a "logout signal".  Imagine if the user loses Internet
> connection or the power goes out.
>
> What you can do is put a field in the login table called "last_activity"
> and update it with the current date/time on every request from that user.
> Then, at login, you can check the last_activity to make sure it is
> greater than 30 minutes or whatever your timeout is.  You'll also want to
> add a second check that each request comes from the same IP address as the
> original login.
>
> Even then, you'll have some loopholes.  On a large network with one WAN
> IP, it is ultimately impossible to detect two users using the same login on
> that network.  Also, if the user clears his/her cookies, they'll see your
> "already logged in" message when they try to reauthenticate.  They'll then
> have to wait for the inactivity period to timeout.
>
> Perhaps there are some other "ninja hacks" but that's all I've seen.
>
> --Ken Snyder
>
>
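
The last_activity check Ken describes, as an added example that is not code from the thread. The table name `login`, the `session_token` and `ip` columns, and both function names are assumptions; the check-and-claim is done in a single conditional UPDATE so two simultaneous logins cannot both pass.

```php
<?php
// Added example: hypothetical schema and function names, not code from the thread.
const TIMEOUT = 1800; // 30 minutes, the timeout mentioned in the message

// Login: claim the account only if no session has been active within TIMEOUT.
// One conditional UPDATE makes check-and-claim atomic, so there is no window
// between "read last_activity" and "mark as logged in".
function claimLogin(PDO $db, int $userId, string $ip, int $now): ?string
{
    $token = bin2hex(random_bytes(16));
    $st = $db->prepare(
        'UPDATE login SET session_token = ?, ip = ?, last_activity = ?
          WHERE user_id = ? AND (last_activity IS NULL OR last_activity < ?)'
    );
    $st->execute([$token, $ip, $now, $userId, $now - TIMEOUT]);
    return $st->rowCount() === 1 ? $token : null; // null => "already logged in"
}

// Every request: refresh last_activity, but only for the session holding the
// claim, from the IP it logged in from, and only if it has not timed out.
function touchSession(PDO $db, int $userId, string $token, string $ip, int $now): bool
{
    $st = $db->prepare(
        'UPDATE login SET last_activity = ?
          WHERE user_id = ? AND session_token = ? AND ip = ? AND last_activity >= ?'
    );
    $st->execute([$now, $userId, $token, $ip, $now - TIMEOUT]);
    return $st->rowCount() === 1;
}

// Constructed demo data: in-memory SQLite, one account, fixed clock.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (user_id INTEGER PRIMARY KEY, session_token TEXT,
                               ip TEXT, last_activity INTEGER)');
$db->exec('INSERT INTO login (user_id) VALUES (1)');

$t0 = 1175821326; // constructed start time
$a = claimLogin($db, 1, '192.0.2.10', $t0);                      // first login
var_dump($a !== null);
var_dump(claimLogin($db, 1, '198.51.100.7', $t0 + 60));          // second login inside the timeout
var_dump(touchSession($db, 1, $a, '192.0.2.10', $t0 + 120));     // request from the original IP
var_dump(touchSession($db, 1, $a, '198.51.100.7', $t0 + 130));   // same token, different IP
var_dump(claimLogin($db, 1, '198.51.100.7', $t0 + 120 + TIMEOUT + 1) !== null); // login after inactivity
```

On MySQL, `rowCount()` reports changed rows rather than matched rows, so two requests in the same second would make the second `touchSession()` report failure unless the connection sets `PDO::MYSQL_ATTR_FOUND_ROWS`.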

