hi,
How to block parallel login? How can I block multiple login attempts in to a single account, when that user have already logged in?
friends i f u have existing code or suggestions for this problem please forward.
Best Regards
Akash
How to block parallel login?
Moderator: General Moderators
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: How to block parallel login?
The basics of a mulitple login prevention system are simple, but can get complicated.
Basically all you need is a flag in your database for each user to determine whether they are logged in or not. Just change the flag when they login/logout. The complicated bit is tracking when a user logs out. Most implementations have a time out, so if the user has not requested anything from the website within, say, 5 minutes, they are deemed as having logged out (or navigated from the website, closed the browser, turned off machine, etc.).
This could cause problems because if a user navigates away from your website and then tries to access it again (from a different machine or a restarted browser) within 5 minutes then he/she won't be allowed to login. You could get around part of the problem by logging the IP of the user, and if the IP is the same, let them login again even if it's within the 5 minute window. This doesn't solve the problem for other machines though - but what are the chances of a user doing that anyway?
Basically all you need is a flag in your database for each user to determine whether they are logged in or not. Just change the flag when they login/logout. The complicated bit is tracking when a user logs out. Most implementations have a time out, so if the user has not requested anything from the website within, say, 5 minutes, they are deemed as having logged out (or navigated from the website, closed the browser, turned off machine, etc.).
This could cause problems because if a user navigates away from your website and then tries to access it again (from a different machine or a restarted browser) within 5 minutes then he/she won't be allowed to login. You could get around part of the problem by logging the IP of the user, and if the IP is the same, let them login again even if it's within the 5 minute window. This doesn't solve the problem for other machines though - but what are the chances of a user doing that anyway?