I have a site that has a login function for members. It works great. It is a typical code that checks to see if the username and password combination exists in the database, if it does it sets a session variable. Then of course checks it on the pages where I want authentication. O.K. here is my question.
Is it possible to construct some sort of system that will not allow simultaneous logins. For example, if I open a browser window, go to my site and login with username: BOB and password: SMITH, I am now logged in. Now if I open another browser window and go to my site, I can still login with BOB and SMITH even though BOB and SMITH is already logged in. Obviously I could pass around my username and password to hundreds of people and all of them could be logged in to my site at the same time.
Now, I thought about putting a field in my database table (members_table) its default would be false meaning the member is currently NOT logged on. If a member logs in successfully, I would set the field to TRUE, then if someone else tries to login and the field is set to TRUE, it will not allow the login to work. Now this works great if the user clicks the logout link because then I can call the table up and set the field back to false. But what if the user just closes the browser window, well the session is destroyed, but in the database table it is still set to True - I guess forever now since the user will not be able to login again and therefore can not logout to set it back to false.
Hope that made sense and sorry for the long post but I am beating my head against the wall trying to figure this one out!
Thanks for any response.
Rulkster
