[UPHPU] Best way to prevent multiple logins from the same account.
cole at colejoplin.com
cole at colejoplin.com
Tue Apr 10 22:30:14 MDT 2007
PHP and JS hoops are not a very simple or effective way to go. Don't
work so hard! I have used sessions quite a bit. They are simple, with
some obscure gotchas, but aren't a big deal to overcome. I recommend
reading this:
http://www.sitepoint.com/blogs/2004/03/03/notes-on-php-session-security/
Basically, where this much security required, it's best handled with
SSL. Aside from that, you really don't need to do anything crazy or
fancy. IMO, the simple solution is the best.
As for timing, if you're on a shared server, before you start your
session, you can call ini_set() to control the session timeout.
-- Cole
More information about the UPHPU
mailing list