Page 1 of 1
Pevent user from using the same account
Posted: Mon Mar 19, 2007 2:04 am
by jlising
Hello!,
I have an application written in PHP and Javascript.
How do I prevent the users from logging in if the user is already logged in? This is to prevent the users from using same account at the same time.
Thanks!
Posted: Mon Mar 19, 2007 3:42 am
by Oren
Simply.... when the user logs in, turn on some flag in your database. Let's say, add a new field to your database: online. When someone tries to log in you check if this flag is "on" or "off", if it's "off" you log him in and change it to "on"; if it's already "on" you give him an error message and you don't log him in.
Posted: Mon Mar 19, 2007 3:50 am
by jlising
Thanks!
I made a flag field 'online'. This field is marked 'on' every time the user logs in. My concern is, what if the user does not log out properly instead he/she close the browser. I believe the value of the 'online' field will be orphaned with value 'on'. So, the next time the user wants to log, an error message will appear.
Is there a way to prevent this kind of situation? Can I restrict user from improper logout?
Posted: Mon Mar 19, 2007 3:53 am
by Kadanis
There's no way to prevent an improper logout, as you can't stop them from just closing the browser. You could also record a last action time stamp and use that along with some logic to say if they haven't made an action in 15minutes, then log them out automatically.
Posted: Mon Mar 19, 2007 4:38 am
by Chris Corbyn
I find it's best to store the session data in the DB, set a timeout and just look for an active session. Rather than denying the login, you can just kill and exisiting sessions so that the most recent one takes over.
Posted: Mon Mar 19, 2007 4:42 am
by jlising
Okay, I will just kill the first login session instead of denying the last one who tries to login. But I hope I can find the best solution in this issue.
Thank you guys!