[UPHPU] Best way to prevent multiple logins from the same account.
Mac Newbold
mac at macnewbold.com
Fri Apr 6 10:34:06 MDT 2007
Yesterday at 10:47pm, Brady Mitchell said:
>>> Now that I marked Daniel as spam, does anyone have a real reply?
>>
>> Cute. Since you missed it the first time, here's the essence of my
>> original response:
>>
>> You can't.
>
> Actually.. you can. Not quite the way that he was looking to do it, but it
> can be done.
I tend to agree with Brady I think, but it definitely is more tricky than
it sounds. The complicating factor is that you know whenever someone
accesses a page, but you never know when that will be their last access of
the page. If they don't log out, but their session gets terminated, then
they're locked out until you decide that they're really gone even though
they didn't log out.
One way around that is to do something like this. Whenever they log into
the site, check if the user has made other requests recently (from the
same or another location), and if they have, show them a warning message.
Tell them that it looks like they may already be logged on, and if they
continue, it will log out the other one. If they cancel, then you let the
other login stay valid, but if they click ok/continue, then the next time
the other user tries to load a page, you invalidate him. One way to
implement that would be by storing the connection details (at least the
IP, maybe some other stuff too, like the session ID) in the user's table,
and if someone tries to access it but they don't match the most recently
used connection details, you reject them, and tell them that they have
logged on from another location and their session has been terminated.
Mac
--
Mac Newbold MNE - Mac Newbold Enterprises, LLC
mac at macnewbold.com http://www.macnewbold.com/
More information about the UPHPU
mailing list