[SOLVED] Preventing from double login (same user - different computers)

[liad]

Hey!

 

How can I prevent people from double login into my site?

I don't want anyone to login from different computers with the same UserName.

 

 

thanks.

[.josh]

You can keep the logged in status saved in a column in the db and in your login script, not only check user/pw, check login status.  If it's currently set as logged in, give message saying you can't login.  Set status to logged off if user logs out.  If user doesn't log out (just closes the browser or whatever), you can also have a column that shows timestamp of last request from user.  Setup a cron job to set status as logged off after x amount of time. 

 

Some people have those columns as part of the user account table.  Some people use a separate table to hold currently active sessions.  If you have a large user base, I'd go for the 2nd option.

[DeanWhitehouse]

You could also store there IP to check what IP they are logged in as at one time and if it is the same at another, this can be used to prevent session hijacking.