session same login on different systems

Anon

Anyone knows the best way to tackle this problem using sessions? Suppose a user logs onto a computer with a username, password and some other user on another computer simultaneously logs in with the same username and password. What would be the best way to stop this?

Thanks!!
beginner php'er

Anon

Well, you should use a database (what you should do to check users and passwords), and for each user, there would be some columns that say if the used if logged, it's IP address, since when he's logged, etc. When another person tries to log with his username and password, you check, in the database, if he's logged. If he is, you give an error, if not, you allow the person to log on. BUT you really should think about an expiration system. Suppose that the user who's logged doesn't think to "log-out" (that would change some values in the DB : "the user is no more logged in"), he'll never can log in again ! So you have to think... first, when did he logged in ? first, is that time + (let's suppose) 1 hour smaller that the current time ? If yes, in the DB, "the user is no more logged in". Of course, you could add his IP address in the DB to allow him to log again if he didn't think to log-out, but what happens if he is in a big office where there are 1 500 people working ? A lot of those people will have the same IP ! So that is not secure !!

Hope it helped !!