Loggin in on two different connections...same user

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Loggin in on two different connections...same user

Post by cnl83 »

I have an application that has user verification. The problem is, if I login, someone else on a different connection can login at the same time using my user name & pw. Can someone point me in the right direction to prevent this?

Some kind of single user session or something?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

Correct, bind the sessionID to the user and only allow one sessionID per user.
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

But each page that is accessed, generally starts a new session...I think. I mean I have the session tag at the start of each page. Do you know of any samples I can maybe pull some code from and get to work.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

A new session will not be created unless the session does not exist. The call to session_start does one of two things

Continues the current session

if it cannot find a session it starts a new one.
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Ok, kewl..

I looked on php.net for bind function, or just "bind", and could not find anything on it.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

You have to do that yourself, add two fields to the users table that says which sessionID they are using and the time they last used it, then you can update those on each page view and check against it, if a user tries to use a sessionID that differs from one they used within X minutes ago you assume its a duplicate user. If the user manually logs out you'd want to reset these fields so they can log back in again.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

By "bind" I think jshpro2 means to associate the session with the user record in the database. This could be a field in the user record where the session ID is saved upon login or a separate table to track userID/sessinID pairs. Obviously logout would clear this field. The trick is what to do with abandoned logins.
(#10850)
Post Reply