User login, one at a time

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
pettazz
Forum Newbie
Posts: 4
Joined: Mon Aug 06, 2007 7:53 pm

User login, one at a time

Post by pettazz »

I've been using php for a few years now, but this is one problem that Google and my usual searches havent solved for me yet.

I have a system which users can log in and out of, with user info stored in mySQL and passing some cookie-based session data around.

But I want to make sure that when someone logs in as, for example, jose, there can only be one jose logged in at a time. More than one seperate user can be on at once, but not the same user from different locations.

I can think of plenty of ways to keep track of when a user logs in and out and implement this...but the problem is what if a user doesn't properly log out using the log out button, instead just going somwhere else or closing the browser.

That's where all my solutions fall apart.

Does anyone have any suggestions?
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: User login, one at a time

Post by superdezign »

pettazz wrote:I've been using php for a few years now, but this is one problem that Google and my usual searches havent solved for me yet.

I have a system which users can log in and out of, with user info stored in mySQL and passing some cookie-based session data around.

But I want to make sure that when someone logs in as, for example, jose, there can only be one jose logged in at a time. More than one seperate user can be on at once, but not the same user from different locations.

I can think of plenty of ways to keep track of when a user logs in and out and implement this...but the problem is what if a user doesn't properly log out using the log out button, instead just going somwhere else or closing the browser.

That's where all my solutions fall apart.

Does anyone have any suggestions?
Handle sessions through the database, and have a column that stores the user id. Then, whenever a user logs in, log out the previously logged in user by replacing the entry.
pettazz
Forum Newbie
Posts: 4
Joined: Mon Aug 06, 2007 7:53 pm

Post by pettazz »

Thanks a lot!

There's still a lot of php i've yet to learn, looks like this is a great place to find help on it.
Post Reply