ajoo

Hi david, I am back and i must say i am surprised with the result of the meta statements that I added to the code. Basically a manual refresh would have done the same thing. However, the results in both cases , manual refresh or meta statements is the same and as expected it does NOT logout the user's previous sessions BUT instead changes the session id of the previous sessions to the current one ( active one wid status 'A' ) in the database. Thus the eviction still does not occour. The surprising thing is that the session id which is supposed to be unique to a session changes to the same in all the previous sessions. I did check that session id's are different when the user logs in and change to become the same only after the Meta statements refresh the page. I have gone thru the code but fail to understand why the session_id changes to the one in the currently active browser page. Please help. Thanks.

Hi, Thanks david for the response. I am going to try first the meta tags in the header and will revert. Wish you had given me something on Ajax for the refreshing of the page and I would have checked that one out as well but I'll search it on google and revert. Once this is done I'd like to discuss some more regarding the cleaning up of the database. Thanks.

Hi david. Thanks for the revert. Though I have not tried it, but i am quite certain that a manual refresh would cause the page of the previous sessions to display the "you have been booted" message. Though I don't understand the cache bit that you mentioned. In fact the only thing that's needed in this problem is as you have suggested that there should be some routine which would periodically check the database, something like an interrupts in java or c or Ajax as you have mentioned here. Can you please elaborate on the Ajax bit. I am very new to PHP and have zero knowledge of Ajax as i have not needed it till now. So if you give me some pointers to it maybe then i'll try and implement the full logic. Maybe a tutorial on Ajax that implements these "periodic checks". And if its not too complex, a small bit of code to do just that. Again about refresh metatags or javascript I have no idea. please shed some light on their usage as well. I feel its important to log out of the previous sessions when the user attempts a fresh login. A user can forget to logout of a session and then maybe logs in at another place. He may not go back to the old machine that day and so there would be no one to refresh that page to get a final logout and so a clean up of the database where logins status is stored will not occour. I want to do a clean up of the database when i logout a user from a previous session so that this login database may not become too large. Would it be a good idea to delete the records that have been marked "X" and are therefore in the "booted" status? Since this particular logic provide the "id" as the row number, deleting rows can cause a mix up of values thereby rendering the "id" not unique. Just a thought. Looking forward to some more discussion and help. Thanks loads.

Hi all, OK here i am with the results of my experiments with the code for a login system which boots out any previous and running sessions by a given ( particular) user, thus effectively disallowing a multilogin by a single user. So anytime a user forgets to logout and logs back in again at the same or new machine, the previous sessions are to be closed and destroyed and the user gets to login from whereever he's logging in once again. At least thats what I am trying to achieve and I appreciate the help of so many senior members here. Attached please find a snapshot of my computer screen which show the above not happening. The code suggested by david works in the database all right as can be seen from the snapshot. Also you can see that I have been able to login on 3 pages on the same machine. David gave two files one for login which i renamed as status.php and one regular.php which I assumed was the page to be displayed on successful login. The regular.php is supposed to evict an already logged user if he logs in a second time from any other machine. However one look at the regular.php shows that it simply checks the status field and if its been changed to 'X' indicating a previously active session, it is supposed to simply echo that the user has been booted. This part of the code however never gets to execute and so this eviction message " you were booted" is never displayed. I think thats because the regular pages have already run their length in the previous sessions. Its here that the new active session some how has to communicate with previous sessions and trigger / refresh the page code once again and then actually destroy the old session evicting the user in the previous page and displaying the message. How is this triggering / refreshing of the browser in the previous session to be achieved. I guess the problem has still not really been solved. Or maybe I am missing something here or are too much of a newbie to get the drift of the experts. A little more help with actual code would feel great! Thanks all. Looking forward to a finally a complete solution to this one. I hope this would help other new comers like me. ( I am unable to paste the snapshot of my run of the program. If someone can tell me how i may achieve that I'll paste it the next time round ).

The problem still remains that which set of commands would target the first session on say computer1 to terminate it while the same user is trying to logon from computer 2 without having logged off from the first machine. The program is idle an computer1 and the code is being executed on machine 2. How then would that code on machine 2 trigger code on machine 1 to log out from there ? Can you please try and demonstrate with some actual code? At least a pointer. Thanks.

Hi david, Just by looking at the code, because i tried something like this, I feel that this would logout from the second session and not the first session. So it would probably not allow a second login. Where as what I am trying to achieve is that the 2nd login occurs destroying the first. Isn't there any function that allows the sessions to be destroyed by name. for eg. If i have jack logged in at time = t1 and then jack logs in again at a later date t2, is there no function which can identify and then logout jack at t1 with a message appearing on the screen of Jack at t1. ( session 1) In case i am missing something that you suggested then kindly rephrase it for me. Thanks all.

Hi. Thanks all for their replies. I am surprised to find that my last reply to this post here is missing and so I'll repost that with a new question. Firstly I tried all the advise by Mac and it all worked great. I used that and now have a login system that prevents multiple login by the same person twice. So thanks for that. I guess to have it working in a real system I would need to use a database as suggested by David. Once i do that I'll post my results here again. I am not aware of the token system suggested by jcbones but i'll explore that too. If you could provide me wid some more information on tokens or a reference site I'll be happy. So now my system works with a small hitch. Like I mentioned that I would like the user to get logged out of the first session once he logs in the second time from the same or new machine. With my code and help from you all what i have achieved is the prevention of the second login. I'ld be grateful if someone can suggest how I might be able to ensure that the 1st session of the user is terminted when he logs into the sytem a second tme. This should be somewhat like a yahoo chat login system which logs out the user with a message which says that the user has been logged out because he has logged in from another machine, once the second login by the same user occours. Thanks loads.

Ok thanks again sir. I'll revert with the findings again. Well for all practical purposes I just need to make that change in index.php. Thanks. Any other suggestions are most welcome.

Thanks for the advise. I'll look into it and revert with the outcome. Is there any way that i can make the program to pause for a few seconds after the echo commands to be able to check the program flow for debugging purposes? Thanks again. Ok I have just made the changes with the exit(); at the appropriate places as you advised and reran the login to be met with the same results. However if you can suggest some way for me to pause the program and check the output of the echo commands, it may give me a great insight into the program and thus maybe an approach to the solution. Eagerly awaiting a reply to this and thanks all.

Hi all, I have another problem associated with logins using sessions and stuff. On my machine I have Apache and mysql installed. The browser I use is Google Chrome. Everything is working fine. There is a very simple login system which, like all login systems, has a ID and password field. The user has to fill in the ID and password and these are checked against a database and the user is logged in. However before the ID and password are checked, the code checks if the $_session variable is set to and if it is it declares that the user is logged in and redirects the user to a secure page. There the user sees a personalised message and can logout. This is what is desired but this is not happening. Find below the code. There are 5 files namely 1. index.php, 2. loginproc.php 3. securedpage.php 4. logout.php and 5. config.inc In the file INDEX.PHP,is the following bit of code ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: index.php'); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// which never gets executed and I wonder why. These lines check at the outset if the user is logged in. If he is logged in and an attempt is made to login again these lines should be executed terminating the first session or at least that's what I want but for some baffling reason that does not occur. I try and create that scenario as follows. I log into the system once thru google chrome. Then i use another tab to login using the same ID and password. And to my surprise i am logged in and reach the secured page again. So I then have 2 logins on 2 different browser pages by the same ID and in both browsers the secured page is displayed. What I am trying is ofcourse that once a person is logged in and another login attempt is made, the first session be destroyed and a notification to that displayed on the first logged in browser page. I am unable to see where the mistake lies. I would be most grateful for any help and suggestions. Thanks all. <?php ///////// INDEX.PHP ///////////////////// // Inialize session session_start(); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: index.php'); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// } else { echo " Hi new user ";} if (isset($_SESSION['username'])) {echo $_SESSION['username']."Already Logged in @ index 14";} ?> <html> <head> <title>PHPMySimpleLogin 0.3</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginproc.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html> <?php ///////// LOGINPROC.PHP //////////// // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM members WHERE (Username = '" . mysql_real_escape_string($_POST['username']) . "') and (Password = '" . mysql_real_escape_string($_POST['password']) . "')"); echo " Login = $login"; // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable echo " Ok Hi there - Welcome "; $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page echo " Can't find you"; //header('Location: index.php'); } ?> <?php /////////////////// SECURED PAGE //////////////////// // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } else { echo " Welcome". $_SESSION['username']; } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p><a href="logout.php">Logout</a></p> </body> </html> This is content of ‘logout.php’: <? <?php /////////// LOGOUT. PHP /////////////////// // Inialize session session_start(); // Delete certain session unset($_SESSION['username']); // Delete all session variables session_destroy(); // Jump to login page header('Location: index.php'); ?> <?php ////CONFIG.INC ///////////////// $hostname = 'localhost'; // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet. $dbname = 'test'; // Your database name. $username = 'root'; // Your database username. $password = ''; // Your database password. If your database has no password, leave it empty. // Let's connect to host mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!'); // Select the database mysql_select_db($dbname) or DIE('Database name is not available!'); ?>