One user logged (per username) in at a time
Posted: Fri Jul 28, 2006 9:53 am
by Luke
How would you make sure that people can't log in on two different machines with the same username at the same time?
Posted: Fri Jul 28, 2006 9:58 am
by jamiel
On what scale is the site? You could put the Username in the session, then search your Session directory on the server on each login attempt for any matches. You would need a really short timeout however so as not to annoy returning users.
This solution will become impractical with thousands of users however.
Posted: Fri Jul 28, 2006 9:59 am
by Luke
Is this even a necessary security precaution?
Posted: Fri Jul 28, 2006 10:58 am
by daedalus__
I can't think of a large site that I have seen use it.
Posted: Fri Jul 28, 2006 11:54 am
by Jenk
Funnily enough, porn sites use it to determine if someone is account sharing (or if it has been hijacked)
My best guess would be Session ID (assigned to username) and IP comparison.
If account 'x' logs in, is using IP 42.234.56.12 and is assigned a session id of '123'
Within a few minutes, 'x' logs in again with IP 89.345.21.22 and has to have a new session id.
What is the likelihood of them being the same person?
Posted: Fri Jul 28, 2006 12:05 pm
by mu-ziq
You could store PHPSESSID of each successful login inside DB table associated with that user and check it on each page load. Every new successful login will rewrite PHPSESSID DB value thus rendering previous login useless.
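The approach described in the post above, as an added sketch that is not part of the original thread: each login overwrites the stored session value for the account, and every page load compares the caller's session against it. The table layout, the function names, and the choice to store a SHA-256 hash rather than the raw PHPSESSID are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed in-memory store; a real application would use its own users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, active_session TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('x')");

// Store a hash, so a read of the table does not hand out usable session IDs.
function sessionFingerprint(string $sessionId): string
{
    return hash('sha256', $sessionId);
}

// Call after a successful password check: the newest login wins.
function recordLogin(PDO $db, string $username, string $sessionId): void
{
    $stmt = $db->prepare('UPDATE users SET active_session = ? WHERE username = ?');
    $stmt->execute([sessionFingerprint($sessionId), $username]);
}

// Call on every page load; false means this session was superseded.
function isCurrentSession(PDO $db, string $username, string $sessionId): bool
{
    $stmt = $db->prepare('SELECT active_session FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, sessionFingerprint($sessionId));
}

// Constructed session IDs standing in for session_id() on two machines.
// In a web request, call session_regenerate_id(true) at login and pass session_id().
$machineA = bin2hex(random_bytes(16));
$machineB = bin2hex(random_bytes(16));

recordLogin($db, 'x', $machineA);
var_dump(isCurrentSession($db, 'x', $machineA)); // machine A is the active login

recordLogin($db, 'x', $machineB);                // same account logs in elsewhere
var_dump(isCurrentSession($db, 'x', $machineA)); // machine A has been superseded
var_dump(isCurrentSession($db, 'x', $machineB)); // machine B is the active login
```

When `isCurrentSession()` returns false the page should destroy the local session and send the user back to the login form; an explicit logout would set `active_session` to NULL.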
Posted: Fri Jul 28, 2006 12:09 pm
by alex.barylski
You could have a flag in your authentication table which is set upon successful login. Hook into your session table and determine when a session is removed and clear the flag at that point...
It'll be cleared either explicitly when someone logs out or when a session expires...
Not sure if it's necessary, but I've used it as a technique before...
Depends on the data and your audience...
Porn for instance, is a valuable commodity...as in it makes good money, but the users are likely shady enough to attempt dual usage on a single account...
So in that case, it makes sense...
Programming communities like this, not so much...if someone has your password you're in trouble and should change it ASAP, concurrent usage though doesn't really pose a problem...