Authentication Control

Anon

I have a small problem, perhaps someone has a suggestion...

I am using an HTTP authentication script to log users into a private area.

All is fine except there is nothing to stop two or more users from being logged on simultaneously with the same details.

In other words, how do I catch a password that has been distributed by blocking a second user from gaining access? I've tried using sessions but I'm not sure how to check if a session value already exists for another user.

Is there some way I can do a compare against a global array of sessions & values?

Any ideas or general directions to go in will help ;P

Cheers

Colin

gio2k

Session variables are specific to a browser session. If you want to prevent access of more than one user with the same login data, you have to use other techniques.
You can have a simple login table with user info and a 'logged in' field (like a flag).
Then you'll have to code routines to check the field_status, and update it accordingly

HTH,

-Gio-

Anon

Right!

Thanks - at least now I'm not chasing some impossible script!

Now for my next question:

Using your model, I would create a record in a table with username, time, maybe IP address or something, and if this exists and someone else tries to log in, the record will be found and they will be denied access.

The thing is, how do i delete this record once they have finished their session?

Is it simply a case of cleaning this table manually? It could get pretty big with every visitor being registered.