session question

doobster

Any light on this situation would be helpful.

My members login and everything works fine.

But want I want to do is check if a member logs in twice using two different browsers.

I.e. User smithj logs in with Internet Explorer and a session is created. Now user smithj opens up Netscape and logs in and creates a new session. User smithj now has two different session opens with the same user name.

Is there a way to read through all session files to determine if a session is already created for a particular user and not allow them to log in again?

Thanks

stolzyboy

you could track it via mysql, insert a session id into the db when he logs in with IE, then when he tries to login with netscape/whatever, you can check that session id against the one in the database to see if they correspond, if the do/don't, then you can do whatever you want with them, the only problem you are gonna run into is if he closes his browser and doesn't click a logout button or something with IE, he still won't be able to get in with NS, or IE for that matter, cuz the session id won't match, but you can always run a php page with cron

doobster

it sounds like a possible solution, but as you said it would cause problems if they did not log out.

is there not a way to "read" through all open sessions?

stolzyboy

i suppose you could [man]readdir[/man] on the sessions stored folder and match against all of those, but there again, sometimes the sessions don't get deleted right away, yes you get a new one, but sometimes the old ones don't go away for awhile

doobster

Is this possible and does it sound reasonable?

User logs in.
Add to database user id, session id.

If user logs in again.
Check if user id and session id match database.

if they do not
display a message indicating another session is opened or not successfully closed. provide a link to click that will destroy the old session and create a new one.
once new session is created update database with new session id.

if this is possible how would i delete the old session based on the session id?

stolzyboy

that sounds reasonable, then to delete you would do something like

delete from tablename where user_id = 'usersid' and != 'currentsession'

to kill the other session

doobster

i understand the database part. but how would i actually delete the other session if it still exists?

simply updating the database will not eliminate the old session.

stolzyboy

oh, sorry, you can look it up, then [man]unlink[/man] it

doobster

ok thanks.

time to go write some test code.