Jump to content

Limit users to 1 active login


DarkReaper

Recommended Posts

Hi there ;) i am trying to limit my users to only 1 active login per user.
Here is what i have done so far:
1. Login -> update session_id in the mysql db with the new one generated from the session_start()
2. User account -> first check if session_id is equal to mysql session id. If not -> force logout.

This worked for different browsers. But if i use 2 same browsers for example IE or FF the session stays the same and again they can log as much times as they want :( ...

Any ideas how can i do this? If i can identify each browser no matter if its the same or not maybe will work?!
Link to comment
Share on other sites

If your using sessions, its the same domain, same session name, it should overwrite itself.

Also if you dont allow someone to log in if a session exsists, then that helps
I have a log.php page for log in and out
if($_SESSION["logged_in_user_session"]){
//destroy the session, log them out

}else{
//show your log in script
}

If they are using the same machine, to log into 2 different account, if they are logged in, and go to log in, then it will log them out from the other account when they go to log.php
Link to comment
Share on other sites

@Daniel0: Well this sounds good but what if i close the window?? I get locked out from the account :( ....

@onlyican: same for you :)

I am thinking of someting like this:

1st user 1st window logs -> do its stuff
1st user opens 2nd tab/window and logs again -> if login already exists invalidate the previous login
1st user 1st window -> clicks and gets an invalidation message
1st user 2nd window -> continues without problems.

But cant seem to think of a way to use this technique :)
Link to comment
Share on other sites

When you say it worked using the same browser, do you mean you actually opened up two differant instances of the browser?

If you were logged in in firefox and simply opened a new tab, or in either browser you right clicked a link to open it in a new window, then it will not work because the session is the same.

However, if you opened up internet explorer of firefox twice, what you already did should work.
Link to comment
Share on other sites

well, read the persons IP address when they log in...

create a session table , it will provide you with rough guidance...

in this table you'll add 3 things:
userid (foreign key)
ipaddr (int) (you'll convert from REMOTE_ADDR)
time


each time anyone reloads or access any page, you will retrieve there record in the session table.
(or insert one if they don't have one).

match there IP address (on the first 3 octets only)
then check the time... if the time is less than... (say 1/2 hr) then update this record with current information. otherwise log out the person who's ip doesn't match.

It's nto bullet proof, but it's sort of what your looking for.
Link to comment
Share on other sites

I say, each time a user logs in you update a field in a table with a random string. The same string will be stored on a cookie that will be sent to the user. On each page check if the cookie's value and the field in the table are matching. If they dont- kick him out.
When person2 logs in when person1 is currently online (in the same user), the field in the table is updated with a new string and and a cookie is being sent to person2 with the new value. The next time person1 refreshes the browser, his cookie won't match the table value and he'll be kicked out.

Sounds good?

Orio.

PS- same can be done with sessions instead of cookies.
Link to comment
Share on other sites

@Orio: what will happen when the 2 different users are the same :) i mean 1 user opens different windows :) ... I think nothing because cookies are shared.

@GingerRobot: But still i wont do as what i want. 1 and no more windows/tabs should be active at every moment. If a second ones open ... the previous should invalidate. But i just cant identify each browser/tab as unique :(
Link to comment
Share on other sites

Ok, so if you want the user to use only one window a time, you can make the updating thing (both cookie and table) on every page. This will be easier with sessions. On each page check if table and session var are matching. If they are not- kick him out. If they are, change both to a new random value and continue.

Orio.
Link to comment
Share on other sites

Orio, cookies are shared. This means that if i change 1 cookie var, every window will read the new value on the next request. Rendering this method quite uneffective.

I want to limit them to 1 window so i can prevent cheating in an online game.

I want to identify each tab with unique id ... the problem is that i dont know how, nor if its possible ... :)

The best thing that i've comed up with is to get the browser PID but ... i dont think this is implemented in php
Link to comment
Share on other sites

why not use sessions and log a session but make sure that you regenerate sessions on every page.. then you can use a datetime of the session also so if session is older than 10minutes then allow a new session to be used?

Not sure if you can make sence of that.

Regards
Liam
Link to comment
Share on other sites

Well i would guess that this game would all depend on form submission?

If so what you CAN do, is, each time a page is loaded, create a random number and apply the md5 hash to it. Put this hashed number into your database.

Then, if the page has a form on it, put that hashed number as a hidden field. When the form is sent, check it matches the last one in the database.

If someone was to load a second window, they would alter the hashed number in the database and thus make the first window unusable.

You would, of course, have to do this with every form in your game.

Seems very OTT, perhaps you could prevent cheating in some other way. But that is certainly one method.
Link to comment
Share on other sites

If your preforming SQL inserts after someone completes a game, how could they cheat? Game data shouldn't be stored on the client end.  If your keeping your data on the server end, then it shouldn't matter how many windows they have open.

[quote author=DarkReaper link=topic=103543.msg412408#msg412408 date=1155127819]
Orio, cookies are shared. This means that if i change 1 cookie var, every window will read the new value on the next request. Rendering this method quite uneffective.

I want to limit them to 1 window so i can prevent cheating in an online game.

I want to identify each tab with unique id ... the problem is that i dont know how, nor if its possible ... :)

The best thing that i've comed up with is to get the browser PID but ... i dont think this is implemented in php
[/quote]
Link to comment
Share on other sites

you could always stamp breadcrumbs in the session file.

Each time a user does an action store an md5(time()+$key); Every action one takes, matches the current key and then the page is submitted.  On the submit the key is changed.

In the event that the user ever had 2 windows open, his second window is uselsess now as it has a different key.  Anything submitted there won't be saved.

you only preform the transaction if the keys match. On every match, the transaction is preformed and the key is changed.
Link to comment
Share on other sites

Well, you only write /check a key on every submit.
So if they are doing a database transaction.

Then in each form, you store the last key in <input type="hidden" value=<?=$_SESSION['key']?> />

It doesn't matter how many windows anyone opens, because after the submit on 1 screen, the keys on all the other windows (will reference the old key) and will no longer be valid.

Upon each submit, you willl refresh the $_SESSION['key'] value.

After each submit, you must check $_POST['key'] to ensure that it is equal to $_SESSION['key']
Preform your sql, and change the $_SESSION['key']


The end result is someone who can have as many windows open as they want,  But they will only be able to sequentially preform 1 task after another.  the key acts as sort of a mutex/semaphore
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.