Page 1 of 1

Loggin in on two different connections...same user

Posted: Wed Feb 15, 2006 8:11 pm
by cnl83
I have an application that has user verification. The problem is, if I login, someone else on a different connection can login at the same time using my user name & pw. Can someone point me in the right direction to prevent this?

Some kind of single user session or something?

Posted: Wed Feb 15, 2006 9:11 pm
by josh
Correct, bind the sessionID to the user and only allow one sessionID per user.

Posted: Wed Feb 15, 2006 9:52 pm
by cnl83
But each page that is accessed, generally starts a new session...I think. I mean I have the session tag at the start of each page. Do you know of any samples I can maybe pull some code from and get to work.

Posted: Wed Feb 15, 2006 10:58 pm
by josh
A new session will not be created unless the session does not exist. The call to session_start does one of two things

Continues the current session

if it cannot find a session it starts a new one.

Posted: Thu Feb 16, 2006 12:00 am
by cnl83
Ok, kewl..

I looked on php.net for bind function, or just "bind", and could not find anything on it.

Posted: Thu Feb 16, 2006 12:09 am
by josh
You have to do that yourself, add two fields to the users table that says which sessionID they are using and the time they last used it, then you can update those on each page view and check against it, if a user tries to use a sessionID that differs from one they used within X minutes ago you assume its a duplicate user. If the user manually logs out you'd want to reset these fields so they can log back in again.

Posted: Thu Feb 16, 2006 12:12 am
by Christopher
By "bind" I think jshpro2 means to associate the session with the user record in the database. This could be a field in the user record where the session ID is saved upon login or a separate table to track userID/sessinID pairs. Obviously logout would clear this field. The trick is what to do with abandoned logins.