
Hi guys,

 

I've been racking my brains on this one...just trying to figure out how to enable multi simultaneous logins like Google Accounts manages to do.

 

I'm also trying to understand how non-session-based login works... any thoughts on how this is/should be done?


I've been racking my brains on this one...just trying to figure out how to enable multi simultaneous logins like Google Accounts manages to do.

 

You'll have to elaborate on what exactly you mean. You can't rely on other people's knowledge of any arbitrary system.

 

I'm also trying to understand how non-session-based login works... any thoughts on how this is/should be done?

 

I don't see how you could pull that off seeing as HTTP is stateless. Well, strictly speaking you don't have to use PHP's support for sessions and you could use cookies, but considering PHP's sessions are implemented on top of cookies, it's still essentially the same thing.

Well, cookies can't be relied on in the same way that the keys to your doors can't be relied on to protect you from burglary. Whenever someone has the keys/cookies they have access to whatever the keys/cookies grant access to. Cookies are merely a way of persisting data across multiple requests. Sessions are a layer on top of the cookies.

OK, so Gmail allows me to log in at computer X using Firefox, leave that session open, and log in using IE8 - and the two sessions can work simultaneously.

I can then also use computer Y to log in at the same time and the sessions still work!!

Doesn't this happen by default?

 

I'd have thought that you actually have to do something to prevent this. Enabling it requires nothing. Just check user info against the database. If it's correct, log them in. That has nothing restricting them from logging in on multiple PCs.

I just didn't think that was a particularly secure way of going about it. Storing a user id in a session? I use an md5 hash in the session and look that up in the db - if they match then the user is logged in.

Maybe I'm wrong about the secure thing?

There is a security concern with sessions if you're on a shared server. The solution to that potential security concern is to store user sessions in a MySQL database.

 

Cookies can help strengthen your application's security. For example:

 

//user login details were correct - give them details
$_SESSION['user_id'] = $user_id;
setcookie('user_id',$user_id);

 

Then on another page you could do this:

 

$logged_in = false; //by default
if(isset($_SESSION['user_id']) && isset($_COOKIE['user_id']) && $_SESSION['user_id'] == $_COOKIE['user_id']){
      $logged_in = true; //user is logged in
}

 

If you want you could also use a session fingerprint.

 

$_SESSION['fingerprint'] = sha1($_SERVER['HTTP_USER_AGENT'].$user_id."32hdy!");
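
The ideas in this thread combined, as an added example that is not code from any poster: each login gets its own random token whose hash is stored in a database row, so one user can hold several sessions at once. The `login_sessions` table, the function names and the in-memory SQLite store (standing in for the MySQL table suggested above) are assumptions, and HMAC-SHA-256 replaces the sha1 fingerprint.

```php
<?php
// Added example; table and function names are hypothetical.
// One row per login, so the same user can have several live sessions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_sessions (
    token_hash  TEXT PRIMARY KEY,
    user_id     INTEGER NOT NULL,
    fingerprint TEXT NOT NULL,
    expires_at  INTEGER NOT NULL)');

// Ties a session to the browser that created it (the fingerprint idea above).
function fingerprint(string $userAgent, int $userId, string $secret): string {
    return hash_hmac('sha256', $userAgent . '|' . $userId, $secret);
}

// Call only after the password check succeeded. Returns the cookie value.
function start_login(PDO $db, int $userId, string $userAgent, string $secret, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32)); // random per login, unlike a user id
    $stmt = $db->prepare('INSERT INTO login_sessions VALUES (?, ?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), $userId,
                    fingerprint($userAgent, $userId, $secret), time() + $ttl]);
    return $token;
}

// Returns the user id for a live, matching session, or null.
function check_login(PDO $db, string $token, string $userAgent, string $secret): ?int {
    $stmt = $db->prepare('SELECT user_id, fingerprint FROM login_sessions
                          WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or expired token
    }
    $expected = fingerprint($userAgent, (int) $row['user_id'], $secret);
    return hash_equals($row['fingerprint'], $expected) ? (int) $row['user_id'] : null;
}

// Constructed sample: user 7 logs in from two browsers at the same time.
$secret  = 'replace-with-a-random-server-side-secret';
$firefox = start_login($db, 7, 'Firefox/3.0', $secret);
$ie8     = start_login($db, 7, 'MSIE 8.0', $secret);
var_dump(check_login($db, $firefox, 'Firefox/3.0', $secret)); // first browser
var_dump(check_login($db, $ie8, 'MSIE 8.0', $secret));        // second browser
var_dump(check_login($db, $firefox, 'MSIE 8.0', $secret));    // token sent with a different user agent
var_dump(check_login($db, 'forged', 'MSIE 8.0', $secret));    // token that was never issued
```

Logging out one browser is a `DELETE` of its row by `token_hash`; deleting every row for a `user_id` ends all of that user's sessions.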

 
