Stop users logging in twice.

[Beauford]

I want to stop users from logging in twice. I have set up a table with the user id and timstamp and it works fine, where I am confused is how I check it.  First, does the time need to be updated on every page, and in the crontab what am I looking for? 

 

For example, if I set the crontab for for 5 minutes and check the time against it, the user could just wait 6 and login again - defeating the purpose.

 

Am I making any sense, or just missing something simple here?

 

I guess I could set it to log the user out after the 5 minutes if there is no activity, then they could log in again.

 

Any suggestion are appreciated.

[.josh]

log in with the same account, or log in under multiple accounts?

[ratcateme]

so you want the same user not to be able to login twice at the same time?

what i would say is but a timestamp in the database when the user loads a new page update the timestamp.

every time the user logs in check the timestamp. if 5 mins has gone past since last recorded time then assume the user has left your site and come back.

if it is less than 5 mins then there might be two people with the same password.

this could annoy people though if browsing the browser accidentally crashes they have to wait 5 mins to use your site.

 

Scott.

[discomatt]

The easiest way is a custom session handler... Ideally one that implements a database engine.

[Beauford]

Figured it out. I stored the session ID in the DB and if they close their browser and not log out and try to log in again, the sessions won't match. I put a notice up advising them of this and logging in again would log out anyone else.