Progam Design - User Logins and Personal Details?

[random1]

Hey All,

 

Just a few questions regarding user login security and personal details.

 

- Is it safer to allow users to be logged into their account from multiple locations at once of limit it to one location (single-sign-on)?

 

- Is it illegal to record a user's IP Address in a database?

 

Responses are much appreciated

[dbo]

1) It really depends on the application and how many layers of security you want to implement. For most applications I would say this is overkill. You'll have to balance security and usability for your needs.

 

2) No it's not illegal.

[random1]

Thanks.

 

Are there any problems caused by implmenting a "logged into their account from multiple locations at once and limit it to one location" logic to an app?

[corbin]

Certain users might have certain ISPs (and by certain ISPs I mean AOL [boo-hiss!]) that change IP addresses quite frequently due to proxying everything through various locations.

[Daniel0]

Are there any problems caused by implmenting a "logged into their account from multiple locations at once and limit it to one location" logic to an app?

 

Many people frequently use multiple computers. Having to log in all the time would be a pain in the ass for normal sites like this.

[gregor171]

Many people frequently use multiple computers. Having to log in all the time would be a pain in the ass for normal sites like this.

The question is, would it be a normal site and what he would want to gain with this single-sign-on . ;-)

[Andy-H]

function ipCheck()
{

   if ( getenv('HTTP_CLIENT_IP') )
      return getenv('HTTP_CLIENT_IP');

   if ( getenv('HTTP_X_FORWARDED_FOR') )
      return getenv('HTTP_X_FORWARDED_FOR');

   if ( getenv('HTTP_X_FORWARDED') )
      return getenv('HTTP_X_FORWARDED');

   if ( getenv('HTTP_FORWARDED_FOR') )
      return getenv('HTTP_FORWARDED_FOR');

   if ( getenv('HTTP_FORWARDED') )
      return getenv('HTTP_FORWARDED');

   return $_SERVER['REMOTE_ADDR'];

}