Preventing multiple instances of same account

[rayden]

I'm trying to learn php and came across a problem. Here's the situation:

 

I can log in and work on the same account from different browsers, or there are multiple instances of the same session.

I've used simple sessions and session variables to verify the user.

 

Ideally i'd like the old session to logout when i log in to the same account from another browser. Preventing the new browser to log in would also work.

 

Any help would be appreciated.

[PFMaBiSmAd]

You need to store the session id in the user table when the log in form is successful. Then you check on every page visit if the session id is the same or different. If it is different (someone using the first browser/old session id refreshes or visits a different page), you output a message that the account has been logged in at a different location and that they are logged out and must log in again.

 

You can also prevent the 2nd browser from logging in by checking if the user table says the account is already logged in and there is a saved session id and it is not the same as the current visitor's session id.

 

Simple login in systems that are not storing the logged in/looged out status and the session id in the user table and are not checking this information on each page visit cannot accomplish these type of advanced functional checks.

[rayden]

Ok got it. Thanks for the help PFMaBiSmAd.

[Q]

I see one problem with that solution. If the user leaves the site without logging out, they will be prevented from ever logging in again unless you make some timeout on your sessions id's ..

 

Ideally you should use the first suggestion