Page 1 of 1
PHP One-Session Login
Posted: Mon Jun 02, 2008 7:01 pm
by tecktalkcm0391
Hello,
I tried google to get a solution, but I couldn't find anything but Single Sign-on with a security key device. Any ideas/suggestions/examples?
Thanks a ton!
Also: I haven't looked into it yet, but can Flash keep a session from a website that it gets information from?
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 7:49 am
by vargadanis
Hi!
You gave us too little information. It is like I looked in the shop but all shoes were blue. Ideas?
If you tell us what you want you mean by "One-Session Login" we could give you ideas on how to do it. Do you want a session based login system?
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 8:52 am
by tecktalkcm0391
I want to be able to only allow a user to be logged in on one computer at a time. If a session is active at another computer, than a message is displayed when a user tries to login from another computer. I only want users to be logged in on one computer because I am developing a system that allows collaboration by multiple users, and you cannot have a person collaborating on the same username on two computers, because it would cause each user to overwrite the others work.
Thanks!
Chris
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 9:01 am
by Amit Mehta
you give little info. about this pls explain.
Thanks
Amit
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 10:51 am
by tecktalkcm0391
Sorry, i thought i was clear enough...
User1 logs on to computer1, then user1 tries to login into computer2.. it should deny him until he logs off of computer1, or the session on computer1 expires.
Is that more clear? I don't want users to be allow to login to more than one computer session at a time (computer or browser session)
Do you still need more information?
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 12:25 pm
by vargadanis
tecktalkcm0391 wrote:Sorry, i thought i was clear enough...
User1 logs on to computer1, then user1 tries to login into computer2.. it should deny him until he logs off of computer1, or the session on computer1 expires.
Is that more clear? I don't want users to be allow to login to more than one computer session at a time (computer or browser session)
Do you still need more information?
It was clear enough. He might have posted his reply just after you gave info. That could have been the problem or who knows...
Ok, so what I would do is checking the IP or MAC address of the user. Store it in a DB, maybe a temporary table or just add a login_ip field to the table you use. When a user tries to log in from a computer it will be checked for the IP and if the IP exists somewhere in the table, the function will return false instead of a login session. Sounds logical to me.
Or... If you do not want to mess with this kind of things than just use last_logged_in as a data in the DB and as long as it is not expired the user won't be able to relog, unless he log manually out. This is obviously not that neat.
That's all that comes to me at this point. If I've got any other idea I will let you know about it.
Re: PHP One-Session Login
Posted: Tue Jun 03, 2008 8:22 pm
by tecktalkcm0391
Ok, so do a database based session, with a field to check if the user is logged in already... go it... i just wanted to see what someone else thought thanks!
Re: PHP One-Session Login
Posted: Wed Jun 04, 2008 2:05 am
by vargadanis
No probs... Let me know if you've got something else figured out in PM or here. I am interested in the developements...
Re: PHP One-Session Login
Posted: Wed Jun 04, 2008 2:10 am
by Kieran Huggins
a good behaviour is for the new login to expire the old session, since a user may move machines and would be frustrated if he had to wait until the old one timed out.
Re: PHP One-Session Login
Posted: Wed Jun 04, 2008 6:38 am
by tecktalkcm0391
thats is what i was planning... the session would expire after 5 minutes of inactivity.
Re: PHP One-Session Login
Posted: Wed Jun 04, 2008 6:45 am
by onion2k
tecktalkcm0391 wrote:thats is what i was planning... the session would expire after 5 minutes of inactivity.
5 minutes is rarely enough. If your user is filling in a form and takes a break to get a cup of coffee or answer the phone and they're signed out they'll get annoyed and give up. For high security sites I go with 15 minutes, for lower security I go with an hour.