i'm new to php. i'm creating a website and i want to restrict multiple login ofr the same account.
i came up with this solution, can u read it please and tell me what u think, it urgent.
When the user logs in, i set a boolean flag to 'yes' and update the timestamp in the DB to the login time.
if the user properly logs out, this boolean will be set 'no'.
Now, if a another person tries to login while the original user is logged in, the boolean will be validated and the login will fail.
the problem is: how to handle browser close issue.
i came up with this idea: i create a session variable that contains a timestamp of the user's last activity($_SESSION['last_action']).
on each page load we execute the following:
Code: Select all
if ( (current time - $_SESSION['last_action']) > $time_out_max )
{
//update the $_SESSION['last_action'] and set it to the current time
// update the database and set the 'last_action' field to the current time.
}if the ( current_time - 'last_action') field is larger the $cron_time_out (this means that user was inactive and most propably closed the browser) in this case we reset the account and set the boolean flag to 'no'.
incase that the user didn't close the browser but was inacative for a a period larger than $cron_time_out, we redirect her to the login page on the next page load.
one of the draw backs of this soultion is that if the user mistakenly closes the browser he/she will have to wait for a certain amount of time to log in again. but this can be solved by comparing IPs.
is this efficient? is there a better way? tell me what u think.
thanks in advance