How do I stop multiple logins to my website

Beauford2

How would I go about setting up something, whether it be sessions, cookies, MySQL, or whaterver to control users from logging in twice and do it in real time.

My users are cheats, so they will try and use different browers to log in twice, or more times. So I can't really rely 100% on cookies or sessions, although I am currently putting their session ID in the DB, but just can't figure out how to implement something that works.

Kind of banging my head here. Any help is appreciated.

Thanks :queasy:

dagon

compare the stored session id, with the session id\username, if they are not the same then they are logged in twice.

Beauford2

I am already doing this, but only after they have logged in a second time. I want to do it before they actually log in.

So if they close their browser without logging out properly. The old session ID is still in the DB, in which case when they try to log back in the ID's are different and they won't be able to log in at all.

I want to check before they actually login. Along with the above I set up a cron to delete stale session ID's from the DB based on a time entered into the DB, but this causes a time delay if again they close their brower and try to log in again before the stale record is deleted.

Everything I can think of causes a time delay, and this is what I want to avoid.

dagon

you don't know who they are before they log in so i don't see how you can achieve anything "before they actually log in"

johanafm

Why not treat the old session as expired if they log in a second time again. i.e. when they load your page and have no session id or an invalid one, they get to the login page. If they log in with a second browser, you overwrite the old session id, and the next time they they refresh/load in the first browser they get to the login screen.

Beauford2

You been peeking at my code? This is exactly the way I have it, but it is very annoying. How do other websites do it. I have been on many that won't allow you to log in twice, and before you actually log in. Maybe not then with PHP, but there has to be other solutions.

Weedpacket

Beauford2 wrote:
I have been on many that won't allow you to log in twice, and before you actually log in.

I think you're going to have to be a bit clearer in your descriptions. You say that these sites won't let you log in (again) before you actually log in. But if they did it after you logged in then obviously they would have had to let you log in - otherwise you wouldn't be logged in. I don't know of any sites that let you log in twice and then not allow you to log in twice, nor do I know of any where you have to log in before you're told you can't log in.

So it sounds like you're using "log in" to mean two different things simultaneously, and this is causing confusion.

messels

just set the page content to display according to the active session id if(isset(($SESSION['userid'])...pull correct data -- mysql_query("SELECT * FROM db WHERE userID =".$SESSION['userID'].");

implying that whenever someone logs in $SESSION['userID'] = $string_userID; (pulling the userID from the results of a login -->

...//form submission
if(isset($_POST['login']))
{
//kill existing session 
session_destroy(); 
//start login process
$user_name = $_POST['user_name'];
$password =  md5($_POST['password']);
$login = "SELECT * FROM users WHERE user_name = '$user_name' AND password = '$password'";
$login_query =mysql_query($login);
if (!$login_query)
echo mysql_error();
//check for actual user
...
...
//if user is real (real password, id, etc)
while ($results = mysq_fetch_array($login_query, MYSQL_ASSOC))
{
$userID = $results['userID'];
...
...
}//end results loop
$_SESSION['userID'] = $userID;
}//end of if-login check

DISCLAIMER: i didn't test any of this code--that should be obvious
MORE IMPORTANTLY: there's nothing to stop a user from logging in with firefox as one user and then again as another user with safari/ie/chrome