One user logged (per username) in at a time
How would you make sure that people can't log in on two different machines with the same username at the same time?
- jamiel
- Forum Contributor
- Posts: 276
- Joined: Wed Feb 22, 2006 5:17 am
- Location: London, United Kingdom
On what scale is the site? You could put the Username in the session, then search your Session directory on the server on each login attempt for any matches. You would need a really short timeout however so as not to annoy returning users.
This solution will become impractical with thousands of users however.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Funnily enough, Porn sites use it to determine if someone is account sharing (or if it has been hijacked)
My best guess would be Session ID (assigned to username) and IP comparison.
If account 'x' logs in, is using IP 42.234.56.12 and is assigned a session id of '123'
Within a few minutes, 'x' logs in again with IP 89.345.21.22 and has to have a new session id.
What is the likelihood of them being the same person?
- alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
You could have a flag in your authentication table which is set upon successful login. Hook into your session table and determine when a session is removed and clear the flag at that point...
It'll be cleared either explicitly when someone logs out or when a session expires...
Not sure if it's necessary, but I've used it as a technique before...
Depends on the data and your audience...
Porn for instance, is a valuable commodity...as in it makes good money, but the users are likely shady enough to attempt dual usage on a single account...
So in that case, it makes sense...
Programming communities like this, not so much...if someone has your password you're in trouble and should change it ASAP, concurrent usage though doesn't really pose a problem...
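
Added example, not part of any post in this thread: a sketch of the "flag in the authentication table" idea combined with the session-id-per-username and timeout suggestions above, where the flag is the active session id and a stale one is reclaimed after an idle timeout. The `users` table layout, the function names and the 900-second timeout are assumptions, and password verification is assumed to have succeeded before `login` is called.

```python
import secrets
import sqlite3

IDLE_TIMEOUT = 900  # seconds; assumed value, tune to the site

def open_db():
    # Hypothetical schema: one session slot per username.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "active_sid TEXT, last_seen INTEGER)")
    return db

def login(db, username, now):
    """Claim the single session slot; return a new session id or None."""
    sid = secrets.token_urlsafe(32)
    # One atomic UPDATE, so two simultaneous logins cannot both win: the
    # slot is taken only if it is empty or its holder has been idle past
    # the timeout (a session that died without an explicit logout).
    cur = db.execute(
        "UPDATE users SET active_sid = ?, last_seen = ? "
        "WHERE username = ? AND (active_sid IS NULL OR last_seen < ?)",
        (sid, now, username, now - IDLE_TIMEOUT))
    db.commit()
    return sid if cur.rowcount == 1 else None

def touch(db, username, sid, now):
    """Call on every request: True only for the live slot holder."""
    cur = db.execute(
        "UPDATE users SET last_seen = ? "
        "WHERE username = ? AND active_sid = ? AND last_seen >= ?",
        (now, username, sid, now - IDLE_TIMEOUT))
    db.commit()
    return cur.rowcount == 1

def logout(db, username, sid):
    """Explicit logout clears the flag, but only for the session holding it."""
    db.execute("UPDATE users SET active_sid = NULL, last_seen = NULL "
               "WHERE username = ? AND active_sid = ?", (username, sid))
    db.commit()

if __name__ == "__main__":
    db = open_db()
    db.execute("INSERT INTO users (username) VALUES ('x')")  # constructed sample user
    first = login(db, "x", now=1000)
    print("first login accepted:", first is not None)
    print("second machine accepted:", login(db, "x", now=1060) is not None)
    later = 1000 + IDLE_TIMEOUT + 1
    print("login after idle timeout accepted:", login(db, "x", now=later) is not None)
    print("old session still valid:", touch(db, "x", first, now=2000))
```

The short timeout trade-off raised earlier in the thread shows up as `IDLE_TIMEOUT`: a returning user whose browser lost its cookie is locked out for at most that long.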