Hi,
The following problem I have researched but could not find an answer... I need a way of restricting a user from logging in from more than one browser at a time, for example to stop one user from passing around their login and password to colleagues... Is there a way to do this, anyone? I know that I could store a ticket when they log in, but unless they push the logout button the ticket will not be cancelled, i.e. if they close the browser then when they try to log in there will still be a ticket stopping them from logging in... Any ideas would be greatly appreciated, thanks.
One login allowed per user id at any time
- Chris Corbyn
Re: One login allowed per user id at any time
For every requested page you have to check if their 'session' is still valid.
If they log in a second time, generate a new session, and invalidate the previous session(s).
Now, they are always capable of logging in and only the most recent login will be able to access the data.
If this isn't enough you can also add an interval between the generation of two logons... probably a timeout that grows when the number of logon attempts grows.
Thanks for the feedback... We thought this was a good idea, except for the fact that we would be kicking the first user out, but we actually want to stop the second user from logging in... We came up with a solution... We use it in line with Ajax... When a user logs in they have to have JavaScript installed or else we log them out... Every time they do an action we check to see if JavaScript is still enabled... Every minute we send a response to the server updating a timestamp along with the user id... When someone else tries to log in using this id we check to see if the timestamp is more than 1 minute old... If it is, then it means the user has closed their browser and we can log the second person in... If it is less than a minute we block this user.
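The two policies discussed in this thread, side by side, as an added example that is not code from any of the posters: "newest login wins" from the reply and the one-minute heartbeat lease from the follow-up. The in-memory store and the names `SessionRegistry` and `LEASE_SECONDS` are assumptions; the heartbeat here is checked against the session token rather than the user id alone, so only the session holder can keep the lease alive.

```python
import hmac
import secrets
import time

LEASE_SECONDS = 60  # the one-minute heartbeat window from the post


class SessionRegistry:
    """One active session per user id, kept in memory (assumed storage)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so the lease can be tested
        self._active = {}     # user_id -> [token, last_seen]

    def _owns(self, user_id, token):
        # Constant-time comparison against the user's current token.
        entry = self._active.get(user_id)
        if entry and hmac.compare_digest(entry[0].encode(), token.encode()):
            return entry
        return None

    def login(self, user_id, block_second=True):
        """Return a new session token, or None if the login is refused.

        block_second=True:  refuse while the holder's heartbeat is fresh.
        block_second=False: newest login wins; the old token stops working.
        """
        entry = self._active.get(user_id)
        fresh = entry and self._clock() - entry[1] < LEASE_SECONDS
        if block_second and fresh:
            return None
        token = secrets.token_urlsafe(32)
        self._active[user_id] = [token, self._clock()]
        return token

    def is_valid(self, user_id, token):
        """Per-request check: is this the user's current session?"""
        return self._owns(user_id, token) is not None

    def heartbeat(self, user_id, token):
        """Refresh the lease; a wrong or superseded token is rejected."""
        entry = self._owns(user_id, token)
        if entry is None:
            return False
        entry[1] = self._clock()
        return True

    def logout(self, user_id, token):
        """Explicit logout frees the user id immediately."""
        if self._owns(user_id, token):
            del self._active[user_id]
```

A lease equal to the heartbeat interval leaves no slack for a delayed request, so a deployment would normally allow the timestamp to be somewhat older than one interval before treating the browser as closed.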