Page 1 of 1

Session controling

Posted: Wed Jan 14, 2009 4:36 pm
by aibanez
I have using Moodle PHP-MySQL in a shared host service, I want to control (if exist a way to do it) when a user Loogs-in into mooodle verify if the same user has an existing session from a different IP. If the user has other session active from a different IP the other session will be terminated. In other words I want to control that one specific user can sig-in from a unique ip address simultaneously.

I'm not an expert PHP programmer.

Than you in advance

Cheers!!!

Re: Session controling

Posted: Wed Jan 14, 2009 10:51 pm
by novice4eva
You would have to have a table that stores : 1) the user id that identifies the user 2) the session id of the user logged in 3) time of log in.
you would need to invoke a function in each of your php file, this function will basically check if same user id exists for multiple times with different session id and then if it does, destroy the session using session_destroy function of the user with the newer date(or even block him/her at login). I seem to have excluded the ip part, IP can change(but you can use it if it is a intranet setup and people don;t fiddle with IPs :) ) and this can be achieved without involving IP too.

This has a drawback though, sometimes users will not LOG OUT(then you will flush the table contents) but just close the window and leave, that would cause big problem coz then the user will not be allowed to log back! There is a temporary solution for this too, but it's not a robust solution. This issue is discussed here viewtopic.php?f=1&t=90176&hilit=+session

Re: Session controling

Posted: Fri Jan 16, 2009 10:55 am
by kaisellgren
aibanez wrote:I'm not an expert PHP programmer.
I think you need intermediate PHP & SQL skills to achieve what you need.
aibanez wrote:I want to control (if exist a way to do it) when a user Loogs-in into mooodle verify if the same user has an existing session from a different IP. If the user has other session active from a different IP the other session will be terminated.
Upon a successful logon, check for previous sessions from this user ID and delete them. You do not need to check whether it's old session if you first remove all sessions from this particular user and after that then create this new session.