session expire

eon

hello everybody,

i'm looking forward for some help.
briefly, i'm in a project of developing a simple online system, which requires the user to login before browsing the system.

how can i make sure that only one user(username) is in the system at a time? and how can i make the system secure, in a way that the user must go thru the login page.

seems that i'm also a so-called 'new' in this, i manage to make the user to login, but there's no security ;p in a way, even if the user has already close the system, they can enter it back by typing or selecting the URL add.

thanks for your help/advice.

-eon-

Truti

The only thing i can think about right now is a system there set the user inactiv after 1,2,3,4,5,6 min. of inactivity.

PHP can not detect when the browser is been closed, and when the user click back/forward.

I have made that type of log-in system, where I call a function on every page, and then update my database, with the current time so the inactivity protector are been reseted.

weekender

sorry truti, again i must disagree - php can know when the browser is closed. When you open a website in a browser, the connection to the server (not necessarily to php) is kept open as long as the browser is open. If you are using sessions, that session id is bound to the connection. If you use [man]session_cache_expire/man then the session will expire as soon as the browser is closed - effectively logging the user out.

also, you can make sure only one user is logged in at a time. When a session is created, it is stored in a file in the location stored in [man]session_save_path/man or in php.ini

so there is one file per session, and so when somebody tries to login, count the number of files in this directory and that is the number of current users. This assumes of course that there are no sessions for users not logged in.