Page 1 of 1

Prevent multi-session

Posted: Mon Feb 11, 2008 2:04 pm
by tcardoso
Hi,

I want to catch multi-session and logout who makes it. Like if you are working on a Firefox browser and if you login on a IE browser, the first session has to be disabled. Same thing on tabs on firefox, etc...

Only one window session active! How can I do it?

Thanks

Re: Prevent multi-session

Posted: Mon Feb 11, 2008 2:24 pm
by jmut
is there some real reason for this? What problem are you trying to solve.
Well, you can flag that a user is logged, and if he attempts to log again to deny or whatever....problem in this approach is ..what if user just close browser and don't use logout to quit. Then it's quite possible you deny login if he tries after that.... (maybe partially solved with session timeout or something)

Re: Prevent multi-session

Posted: Mon Feb 11, 2008 2:42 pm
by tcardoso
Well, but the last login would stay active, not the old.

And using tabs, users don't have to login again.

Re: Prevent multi-session

Posted: Mon Feb 11, 2008 3:11 pm
by Christopher
You will probably need to check $_SERVER['REMOTE_ADDRESS'] and the server string to see if you have the same person, but a different browser. Do this before you start the session and deny as appropriate.

Re: Prevent multi-session

Posted: Mon Feb 11, 2008 10:26 pm
by Festy
jmut wrote:is there some real reason for this? What problem are you trying to solve.
Well, you can flag that a user is logged, and if he attempts to log again to deny or whatever....problem in this approach is ..what if user just close browser and don't use logout to quit. Then it's quite possible you deny login if he tries after that....
This can be the right solution if you set a cookie at the login and unset that cookie only if logout() function is called. This way if the user closes the browser and logs out unexpectedly , the cookie will still be set, and he/she won't have any problem login next time. Because at login we can check whether the cookie is set or not, if it is set then we can turn off the login flag, so that the user can login.

Re: Prevent multi-session

Posted: Tue Feb 12, 2008 1:15 am
by jmut
I still fail to see the real reason behind it. Why would you want to prevent this. Also, anything that is client depended (cookie in this case) I would not rely on.

Re: Prevent multi-session

Posted: Tue Feb 12, 2008 1:28 am
by Benjamin
Ok just to be clear, closing a tab in firefox won't end a session, even if it's the last tab open for a specific website.