liad Posted December 7, 2008 Share Posted December 7, 2008 Hey! How can I prevent people from double login into my site? I don't want anyone to login from different computers with the same UserName. thanks. Quote Link to comment Share on other sites More sharing options...
.josh Posted December 7, 2008 Share Posted December 7, 2008 You can keep the logged in status saved in a column in the db and in your login script, not only check user/pw, check login status. If it's currently set as logged in, give message saying you can't login. Set status to logged off if user logs out. If user doesn't log out (just closes the browser or whatever), you can also have a column that shows timestamp of last request from user. Setup a cron job to set status as logged off after x amount of time. Some people have those columns as part of the user account table. Some people use a separate table to hold currently active sessions. If you have a large user base, I'd go for the 2nd option. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted December 7, 2008 Share Posted December 7, 2008 You could also store there IP to check what IP they are logged in as at one time and if it is the same at another, this can be used to prevent session hijacking. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.