Jump to content

One User -> Multiple Simultaneous Logins


Recommended Posts

I've been racking my brains on this one...just trying to figure out how to enable multi simultaneous logins like Google Accounts manages to do.

 

You'll have to elaborate on what exactly you mean. You can't rely on other people's knowledge of any arbitrary system.

 

I've also trying to understand how non session based login works...any thoughts on this is/should be done?

 

I don't see how you could pull that off seeing as HTTP is stateless. Well, strictly speaking you don't have to use PHP's support for sessions and you could use cookies, but considering PHP's sessions are implemented on top of cookies, it's still essentially the same thing.

Link to comment
Share on other sites

Well, cookies can't be relied on in the same way that the keys to your doors can't be relied on to protect you from burglary. Whenever someone has the keys/cookies they have access to whatever the keys/cookies grant access to. Cookies are merely a way of persisting data across multiple requests. Sessions are a layer on top of the cookies.

Link to comment
Share on other sites

Doesn't this happen by default?

 

I'd have thought that you actually have to do something to prevent this. Enabling it requires nothing. Just check user info against the database. If it's correct, log them it. That has nothing restricting them from logging in on multiple PCs.

Link to comment
Share on other sites

There is a security concern with sessions if you're on a shared-server. The solution to that potential security concern is to store user sessions in a MySQL database.

 

Cookies can help strengthen your application's security. For example:

 

//user login details were correct - give them details
$_SESSION['user_id'] = $user_id;
setcookie('user_id',$user_id);

 

Then on another page you could do this:

 

$logged_in = false; //by defaults
if(isset($_SESSION['user_id']) && isset($_COOKIE['user_id']) && $_SESSION['user_id'] == $_COOKIE['user_id']){
      $logged_in = true; //user is logged in
}

 

If you want you could also use a session fingerprint.

 

$_SESSION['fingerprint'] = sha1($_SERVER['HTTP_USER_AGENT'].$user_id."32hdy!");

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.