User Being Logged in Multiple Times

TheMayhem

I use sessions as an authentication system and am having a problem where users are basically opening about 6 windows, logging in, and getting around certain stuff built into my script.

So I was wondering is their any type of php programming where I can make it so a user can only be logged in once with 1 window?

devinemke

not very reliable but you could prevent the same IP address (found in $_SERVER['REMOTE_ADDR']) from logging in multiple times. store all the logins in a database with the IP and run a check for each new login. again, not very reliable.

TheMayhem

Problem is what if people use static ip addresses and such. I dunno really whats the best way to prevent this one.

Weedpacket

You could make a note against their record that they are logged in. Better, the time that the login was last used (this you keep updating as they use the site): If they log out, set the time to something way in the past.

When they try and log in; if the time is too recent (this depends on your users' usage), say that they're already logged in. If it's sufficiently long ago assume that they left the site and now they're logging in for the first time again.

Of course, it would be better to find out how multiple logins enable them to get around your security and fix that, rather than go for a bandaid "don't let them log in multiple times". Like devinemke said: "not very reliable".