Page 1 of 1

How to block parallel login?

Posted: Tue Apr 07, 2009 4:36 am
by akash_msrit
hi,

How to block parallel login? How can I block multiple login attempts in to a single account, when that user have already logged in?

friends i f u have existing code or suggestions for this problem please forward.

Best Regards
Akash

Re: How to block parallel login?

Posted: Tue Apr 07, 2009 5:11 am
by jayshields
The basics of a mulitple login prevention system are simple, but can get complicated.

Basically all you need is a flag in your database for each user to determine whether they are logged in or not. Just change the flag when they login/logout. The complicated bit is tracking when a user logs out. Most implementations have a time out, so if the user has not requested anything from the website within, say, 5 minutes, they are deemed as having logged out (or navigated from the website, closed the browser, turned off machine, etc.).

This could cause problems because if a user navigates away from your website and then tries to access it again (from a different machine or a restarted browser) within 5 minutes then he/she won't be allowed to login. You could get around part of the problem by logging the IP of the user, and if the IP is the same, let them login again even if it's within the 5 minute window. This doesn't solve the problem for other machines though - but what are the chances of a user doing that anyway?