[UPHPU] Best way to prevent multiple logins from the same account.

[phpninja]

All good ideas. I think I am going to look into my own custom session
handling, or a timestamp notification method. I wish I could use JS for
this, but theres that 1 out 100 chance the browser will somehow freeze on
their end and the function will not run, leaving them logged in with no way
to get back in. I do Appriciate the insights.


On 4/6/07, Jacob Wright <jacwright at gmail.com> wrote:
>
> If you want to do it via XMLHttpRequest you can. But this means they have
> to
> have javascript enabled. If they don't then they're forever logged in. So
> here's my suggestion:
>
> 1. on each request write to the database that they're logged in and the
> timestamp of the last accessed page.
> 2. if an attempt to log in happens and that last accessed page happened 30
> minutes (or so) ago, let them log in anyway, then they're not locked out
> forever.
> 3. log them out via XMLHttpRequest when they close the browser
>
> As far as step 3 goes, you can do this with the onBeforeUnload event or
> the
> onUnload event if you do do the XMLHttpRequest non-asynchronously. Then
> the
> page will wait until the request comes back before it let's itself close
> completely. This won't work if they kill the process using Ctrl+Alt+Del or
> something, but honestly, who closes their browser that way? :)
>
> I know this works because I've tested it in my development for
> MyStickies.com. I just couldn't use it with MyStickies because of the
> same-domain sandbox that browsers put up for XMLHttpRequest
>
> Any questions let me know.
>
> Jacob Wright (ninja deluxe)
>
> _______________________________________________
>
> UPHPU mailing list
> UPHPU at uphpu.org
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
>