Here is what i want :
"If a user is looged in and another user with the same login/password tries to enter the system he should not be able to login until the other user logged out of the system."
I can store the entry for the user in the table. And as long as that entry stays in the table other users can not login.
But the problem is when should i delete this entry from table.
When user presses logout is Ok.
But what if the light goes off or any other unintential log out .
Please advise.
Regards,
Atiq
Denying Multi Login with same ID
Moderator: General Moderators
The first thing that pops to mind is a cookie/session combo. When a person logs in, create a custom session id, and store it both in the db (along with the associated username and the expiration time), and in the cookie. When a person logs in, initialize the session in the db, and set the cookie. When a person goes to a new page, update the expiration time on the session, if they've got a legitimate cookie. So, when a person logs in, check if there's already a session attached to their username. If they don't have the corresponding cookie, deny them.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
It is a judgement call, but you need to keep info on when the user last loaded a page and give some grace period after that before they are considered automatically logged out.
For example it could be within 10 minutes of their last page load.
However you need to consider that a user might close (or crash?) their browser and then come back with a fresh browser instance (and hence no session cookies) and be blocked from loggin in even though it was them who was previousy logged in with that username. Dont know about your users but that would probably annoy the h*** out of me
You could always store a more premanent cookie and let them back in within the lockout period if they appeared to be on the same machine?
Is this a security measure of some kind?
For example it could be within 10 minutes of their last page load.
However you need to consider that a user might close (or crash?) their browser and then come back with a fresh browser instance (and hence no session cookies) and be blocked from loggin in even though it was them who was previousy logged in with that username. Dont know about your users but that would probably annoy the h*** out of me
Is this a security measure of some kind?
-
PAW Projects
- Forum Commoner
- Posts: 30
- Joined: Tue Jun 15, 2004 7:43 am
- Contact:
You can delete the entry either when they log out, when their session times out or, as ~DaiWelsh says, when they log in to another computer. It's just a simple matter of changing the value of the cookie and/or removing a row from a MySQL table.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.