Unique Login

Anon

I've noticed that solutions for PHP-MySQL authentication allows for multiple logins using the same username-password pair (at least those which I have encountered). I would like to know if there is a way to limit the login of a specific username to single instance, and if there is, how to implement it using PHP3.

Anon

check it against the database

Alain wrote:

Anon

You could try keeping session data in a database, and deleting it regularly if not updated (eg every 10 minutes). Otherwise, someone close their browser without logging out, leaving session data in the database - this means they won't be able to log back in again till the database is cleared.

This would be easy to do with timestamps in each field... Then each time there is activity on the page (or cronjob, whatever) just delete all records > 10 minutes old. Whenever someone moves to a new page within the authenticated site, update their database fields to a new timestamp, keeping them from being deleted.

I know what I mean, just am not writing it very clearly g Just post for a longer description (sorry, need more sleep/caffeinee/both grins)

Ross
ross@activestudios.net
www.activestudios.net

Anon

I think the first two replies misunderstood.

What you could do is add a field to the user database called, I dunno... logged_in. WHen a user logs in, check the logged_in field, too. If the field is set to one, disallow further logins for that name. If the field is set to 0, log them in and set logged_in to 1.

Anon

Brett's idea is the one i am using. e.g. i have user table, and if user logs in the is_lgged field goes to 'Y'. and when user is logging in i check if the field is 'N'. if it is then it allows login, if its 'Y', it will not allow.

But, the problem is, what if user closes the browser accidentally? then its a deadlock, user waiting for the db to clear its acces, and db waiting for user to logout 🙂.

for this you can have time limit. give it e.g. 4 hour session to every user, so after 4 hours db will automatically change teh 'Y' to 'N'.

regards,
Daarius...

Anon

Thanks. This is exactly the same thing which I thought of at first - a session flag, with a session id and log time. However, my major concern is that this approach can bring about complications which might prove annoying as this can cause legitimate users to be locked out of the system (even with a cronjob).

On a 10 minute flag-reset cronjob scheme, say a user has logged in and only after a few seconds gets disconnected. He'd probably still need to wait some 9 minutes or so to log in again.

Or when a logged in user logs in an does not finish with a page within the set 10 minutes (perhaps he's reading a long document or finishing a long form). The flag resets and someone would be able to get in. He would then be unable to read on (or submit that form which took him more than 10 minutes to finish).

Anon

Anyone found a good solution for this Unique Login ?

attd Alain: Any idea on this as you were the one request for solution. So i think you might have something worked out right now.