Denying multi login

Atiq

I am using a MSSQL server as a database. I want to prevet multi login.

Is there any technique . I have searched and not found any good technique.

I have seen some logics in which if some user logins with the login who is alredy looged in then the first will be thrown out. I don't want iit i simply want that the second person should not be able to login.

Reards,

Atiq

drew010

you could almost easily do this if you integrate an existing "users online" script. basically, the safest way to do it, is query the users online, matching an ip to a username in the table, and if the ip trying to log in under a username is logged in with a different ip then disallow it.

basically you can have a table like this:

ip, username, lastaction

and when someone attempts to log in, you select the ip from that table where username = user trying to log in, if data is returned it means someone is trying to sign in, and then you want to check to see if the ip's are different.
this is to prevent a user accidentally closing a browser while they are logged in and having their session destroyed, and then trying to log back in, but they are still in the active database.

then all you have to do is deny access if the user is logged in, perhaps log the event so you can look into it.

Atiq

Yeah thanks i understand this!

but please also tell me that when and how will we delete the user's entry from table. Is the script to delete the data from table will automatically be called as user may not press logout.

Thanks ,
Atiq

ps2gamer

However, by only allowing one user per IP, it forbids people on a local network to login if someone else on the network is already logged in.

laserlight

Basically, you need some sort of unique token set at each login.

Using IP addresses is one way, but as you noticed, it isnt necessarily unique.

You could set some pseudorandom hash using say [man]uniqid/man, [man]md5/man or [man]sha1/man, and [man]rand/man or [man]mt_rand/man

drew010

Originally posted by Atiq
how will we delete the user's entry from table.

basically, the way the users online scripts work is, your ip is stored along with the time you visit and every time someone visits a page related to the login session, a script is called to see the user's last activity time, if it is greater than something like 10 minutes, (meaning they havnt visitied another page for 10 minutes) you can delete their ip out of the list. you could set this to maybe an hour or however long your sessions last.

as far as two people on the same network logging on, it may be a problem but only if the two people are using the same username which would be included, and i dont see much need for two computers on the same network to be signed in under the same username.