[Resolved] You should not be able to log in from 2 diff comps

man_bag

I am a computer student...I am doing a project which requires that you should not be able to log into the system from two different computers using same id. Suppose if I login from computer A and after some time again login using the same id from computer B, then i should be automatically logged out from computer A (or i should not be able to perform any operation on computer A). I can access the system from computer B. but again i login from computer C , I should be logged out from computer B.....

Is it possible to achieve this function using sessions if so please tell me. and if u have other option please do tell me..
Please help me.....

mtmosier

Is it possible to achieve this function using sessions

No.

I don't suppose it'll come as a surprise if I tell you you need to keep a list of who is currently logged in and compare to that list. Beyond that I expect you'll be happy to research/think about on your own, since it is your school project after all.

laserlight

The way that I use doesnt rely on sessions, but on cookies.

The user logs in with username/password, and is issued a cookie containing user id and the hash of a pseudorandomly generated number.
When the user accesses another page, validation is performed using that cookie with the value stored in the database, upon which a new cookie is issued with a new hash.
Consequently, if you login from a different location, you change the hash, and so the logged in user's hash becomes invalid, thus the user is effectively logged out.

Of course, you can intercept the hash, but any attempt to use the hash changes the current hash, hence the user may discover the interception.

lsp

i can only suggest using IP addresses possibly? or a max conection script that has a max connection of 1 connection?

i like the cookie idea though

mrhappiness

extend your usertable with e new column called "sessionid"
after logging in store the session-id in this column
to check whether a user is logged in or not just try to read the usertable
```
$sql .= " WHERE sessionid = '".session_id()."'";
```

if a user signs in from a different pc (computer 😎 he will get a different session-id and so checking for the old pc (computer A) will fail

man_bag

hey
thank all for those suggestions ......

I have tried the suggestion givern by laserlight.......i.e

"The user logs in with username/password, and is issued a cookie containing user id and the hash of a pseudorandomly generated number."

It works fine.......
thanks once again
bye and take care