Preventing Multiple Logins

Results 1 to 2 of 2

Thread: Preventing Multiple Logins

  1. #1
    Join Date
    Dec 1969

    Default Preventing Multiple Logins

    Simple really. When somebody at my site logs in, they&#039;re using their username. they&#039;re assigned a session. is there a way to prevent multiple logins? you know, if HeadPenguin is signed in already, how can i keep anyone from signing in under that name until he as logged out or his session has expired?<BR><BR>Thanks.

  2. #2
    Join Date
    Dec 1969

    Default Easy...except...

    Simple: When they login, store their userid and session.sessionID someplace accessible (i.e., in a database or perhaps in an array stored in an application variable). Then, when they login, you check to see if they are logging in from the same session id. If not, kablooey. (You could just check for *any* entry in the table/array, but I figured this way you provide for the guy who accidentally hits the BACK button too many times. He&#039;ll still have same session.sessionID, and no harm just ignoring the login in this case.)<BR><BR>When the session ends, you remove the entry from the table/array.<BR><BR>Now he can login all over again.<BR><BR>Except... What happens if Session.On_End fails to fire, as seems to happen on occasion?<BR><BR>Well, then manage it all yourself: Keep track of the last time he was active in *any* page. If he tries to login with a different sessionID, check if it&#039;s been more than XX minutes since the last activity using the former sessionID. If so, toss the old sessionID and start using the new one.<BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts