authentication "login sharing security" question - possible to bump out one user ?

listenmirndt

Hi guys.

So I have written a security system for membership content pages. It basically forbids a user from logging in if their IP address is different from the one recorded in the database (in brief).

However, in the case of network users, people sharing an internet connection, their IP address would be the same, and my security system can't register the difference.

So I am wondering if it is possible to at-least force one user to log out if two or more are using the same username/password.

I am using sessions for authentication, and I am wondering if the server keeps track of say, how many users are logged in, with the username "joe" or whatever.. if that might be a way to get at it..

OR if anyone has any suggestions what to do, with this type of problem..

Thanks a bunch!
-Arron

Horizon88

Is there some specific reason you chose by IP address to authenticate? :/ That's a fickle way to auth users. Dialup users, for example, get new ips every time they log onto the internet. DSL IP addresses can change occasionally, and as you mentioned, multiple users/routers/firewalls becomes a problem.

If there's a reason why, we can work on it, but if you just did it because, maybe we should come up with a different system?

listenmirndt

Thanks for the reply, actually sorted this one out a while back. Appreciate the help, once again!

-Arron