Hello All-
I have a site with a php/mysql login to a subscriber area. The way it currently works is when you login, your information is stored in a database that updates a timestamp every time you hit or refresh a page. If you have been logged in for over 20 minutes without any movement the database dumps your information, logging you out. The problem occurs when you close your browser window (or dialup folks get kicked offline), killing the session cookie, and try to come back before the 20 minute auto logout. In this case the site will not allow you to login because it thinks you already are.
We can't allow more than one person with the same login in at a time, but would like to come up with a way to know if it's at least the same computer, and if so, let them in. I have thought of storing IP's with the login info, but that would only cover static IP customers.
Anyone have any thoughts on how to get around this? It doesn't have to work all the time, but if I could get 75%+ of these occurrences to go away, that would be great.
Thanks!
