[UPHPU] Best way to prevent multiple logins from the same account.

Jacob Wright jacwright at gmail.com
Fri Apr 6 14:33:08 MDT 2007


If you want to do it via XMLHttpRequest you can. But this means they have to
have JavaScript enabled. If they don't, then they're forever logged in. So
here's my suggestion:

1. on each request write to the database that they're logged in and the
timestamp of the last accessed page.
2. if an attempt to log in happens and that last accessed page happened 30
minutes (or so) ago, let them log in anyway, then they're not locked out
forever.
3. log them out via XMLHttpRequest when they close the browser

As far as step 3 goes, you can do this with the onBeforeUnload event or the
onUnload event if you do do the XMLHttpRequest non-asynchronously. Then the
page will wait until the request comes back before it lets itself close
completely. This won't work if they kill the process using Ctrl+Alt+Del or
something, but honestly, who closes their browser that way? :)

I know this works because I've tested it in my development for
MyStickies.com. I just couldn't use it with MyStickies because of the
same-domain sandbox that browsers put up for XMLHttpRequest.

Any questions let me know.

Jacob Wright (ninja deluxe)
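
The server-side bookkeeping behind steps 1 to 3 of the message above, as an added example that is not code from the original post or from MyStickies. The class and method names are hypothetical, a Map stands in for the database table, and the check that only the owning session may touch or clear the row is an assumption added here.

```javascript
// Added example: a Map stands in for the database table from steps 1 and 2.
const IDLE_LIMIT_MS = 30 * 60 * 1000; // "30 minutes (or so)" from step 2

class LoginGate {
  constructor(idleLimitMs = IDLE_LIMIT_MS) {
    this.idleLimitMs = idleLimitMs;
    this.active = new Map(); // accountId -> { sessionId, lastSeen }
  }

  // Step 2: refuse a second login unless the existing session has idled out.
  login(accountId, sessionId, now) {
    const row = this.active.get(accountId);
    if (row && now - row.lastSeen < this.idleLimitMs) return false;
    this.active.set(accountId, { sessionId, lastSeen: now });
    return true;
  }

  // Step 1: call on every request to refresh the timestamp. Returns false
  // when this session was replaced, so the caller treats it as logged out.
  touch(accountId, sessionId, now) {
    const row = this.active.get(accountId);
    if (!row || row.sessionId !== sessionId) return false;
    row.lastSeen = now;
    return true;
  }

  // Step 3: the unload-time request ends up here. Only the owning session
  // clears the row, so a stale tab cannot log out its replacement.
  logout(accountId, sessionId) {
    const row = this.active.get(accountId);
    if (!row || row.sessionId !== sessionId) return false;
    return this.active.delete(accountId);
  }
}

// Constructed timeline (times in ms, account and session ids made up).
function demo() {
  const gate = new LoginGate();
  const MIN = 60 * 1000;
  return [
    gate.login("alice", "s1", 0),         // first login succeeds
    gate.login("alice", "s2", 5 * MIN),   // s1 still active: refused
    gate.touch("alice", "s1", 10 * MIN),  // s1 loads a page
    gate.login("alice", "s2", 39 * MIN),  // s1 idle 29 min: refused
    gate.login("alice", "s2", 40 * MIN),  // s1 idle 30 min: s2 takes over
    gate.touch("alice", "s1", 41 * MIN),  // s1 has been replaced
    gate.logout("alice", "s1"),           // stale logout is ignored
    gate.logout("alice", "s2"),           // browser-close logout from s2
    gate.login("alice", "s3", 42 * MIN),  // slot is free again
  ];
}
```

Against a real database, the check and the write in `login` need to be a single atomic operation (one conditional UPDATE or a transaction), otherwise two simultaneous login attempts can both pass.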

