[UPHPU] Best way to prevent multiple logins from the same account.
Brady Mitchell
mydarb at gmail.com
Thu Apr 5 20:05:01 MDT 2007
By default, session info is stored in a text file on the server. But
it's possible to store the session info to a database by creating your
own session handler.
Take a look at
http://hudzilla.org/phpwiki/index.php?title=Files_vs_databases_for_sessions
for more info on this topic.
I don't use Pear DB myself, but looking at the PEAR site, there's a
package you should look at: HTTP_Session
(http://pear.php.net/package/HTTP_Session/). The Auth package might also
be of interest: (http://pear.php.net/package/Auth/).
Brady
phpninja wrote:
> Thanks Brady, I am using the Pear DB class for connections at the moment,
> works great. Now when you say "if (user id is in session table)", I always
> thought session info is stored based on what you set in php.ini. I have mine
> as session.save_path = c:/php/tmp . When session_start is called, it creates
> a file in that directory along with your sessionid. Problem is, when the
> browser is closed, this session ID in that directory does not disappear. I
> was thinking about checking the directory for the file and parse the
> ID in there, but there is no way to change that sessionid and file unless
> you destroy the session and recreate a new ID. I think I am beating a dead
> horse here, and do not think it's 100% possible. Thanks for the insight
> though.
>
> -phpninja
> On 4/5/07, Brady Mitchell <mydarb at gmail.com> wrote:
>>> Hello all, I have been hacking some code around to see if it is possible to
>>> prevent multiple logins from the same account. That is, if username/password
>>> is currently logged in, and someone opens another web browser and tries to
>>> login with that same username/password it will then redirect them out,
>>> saying that someone from your account is already currently logged in.
>> I did this for a project that I was working on a while ago, using
>> sessions and storing session info in a db table.
>>
>> When someone tries to login:
>>
>> if(username and password combination are valid)
>> {
>>     if(user id is in the session table)
>>     {
>>         login denied because the user is already logged in
>>     }
>>     else
>>     {
>>         login and direct to requested page
>>     }
>> }
>>
>> Obviously this is a very brief overview of how it could be done. I'm not
>> even sure this is the best way for it to be done. I ended up abandoning
>> the previously mentioned project so I haven't dealt with this in a
>> production environment.
>>
>> I suggest reading up on sessions on php.net
>> http://us2.php.net/manual/en/ref.session.php.
>>
>> Also, I like to use the ADODB class (http://adodb.sf.net) for db
>> connections, and it makes storing session info in a DB extremely easy.
>> So check it out if you're struggling or just want some sample code on
>> how to do this.
>>
>> Brady
>>
>
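The session-table check sketched in the quoted pseudocode, combined with an idle timeout so that a browser closed without logging out does not lock the account, as an added example that is not code from the thread or from any of the packages mentioned. It assumes PHP 7+ with the PDO SQLite driver; the table name, function names, the 15-minute idle window and the sample values are all hypothetical.

```php
<?php
// Added example. Table name, function names and the idle window are assumptions.
const IDLE_TIMEOUT = 900; // seconds without a request before a session counts as dead

function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory store so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY on user_id: the database refuses a second row per account
    $db->exec('CREATE TABLE user_sessions (user_id INTEGER PRIMARY KEY,
        session_id TEXT NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}

// Call only after the username/password combination has been verified.
function try_login(PDO $db, int $userId, string $sessionId, int $now): bool {
    $db->beginTransaction();
    // A closed browser never logs out, so expire this user's row once it is idle.
    $db->prepare('DELETE FROM user_sessions WHERE user_id = ? AND last_seen < ?')
       ->execute([$userId, $now - IDLE_TIMEOUT]);
    $live = $db->prepare('SELECT 1 FROM user_sessions WHERE user_id = ?');
    $live->execute([$userId]);
    $allowed = ($live->fetchAll() === []); // no live row means nobody is logged in
    if ($allowed) {
        $db->prepare('INSERT INTO user_sessions VALUES (?, ?, ?)')
           ->execute([$userId, $sessionId, $now]);
    }
    $db->commit();
    return $allowed;
}

// Call on every authenticated request; false means this session is no longer registered.
function touch_session(PDO $db, int $userId, string $sessionId, int $now): bool {
    $stmt = $db->prepare('UPDATE user_sessions SET last_seen = ?
        WHERE user_id = ? AND session_id = ? AND last_seen >= ?');
    $stmt->execute([$now, $userId, $sessionId, $now - IDLE_TIMEOUT]);
    return $stmt->rowCount() === 1;
}

function logout(PDO $db, int $userId, string $sessionId): void {
    $db->prepare('DELETE FROM user_sessions WHERE user_id = ? AND session_id = ?')
       ->execute([$userId, $sessionId]);
}

// Constructed walk-through: user 42, timestamps in seconds.
$db = open_store();
var_dump(try_login($db, 42, 'sess-A', 1000));     // first browser logs in
var_dump(try_login($db, 42, 'sess-B', 1060));     // second browser while A is active
var_dump(touch_session($db, 42, 'sess-A', 1100)); // A keeps browsing
var_dump(try_login($db, 42, 'sess-B', 1100 + IDLE_TIMEOUT + 1)); // A has gone idle
```

In a real application the session ID would come from `session_id()` after `session_regenerate_id(true)` at login, and `touch_session()` returning false should end that request's session.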