Jump to content


Photo

Advanced login issues


  • Please log in to reply
14 replies to this topic

#1 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 03:30 PM

I have login system with PHP and MySQL that uses session variable to keep track. My Issue is:

2) How can I auto logout an user from one location if the same user logs in from a difffernt location? i.e. USER A creates a SESSION with sessionID X(say) from location 1. He/she then forgets to logout or close the browser. And the same USER A  tryies to log in from location 2 and creates a session with sessionID Y(say). I want SESSION with ID X be destroyed (so that USER A from location 1 is effectively logged out)  before SESSION with ID Y is created. How I destroy a different SESSION? I store the session id in a database table along with associated userID and if the user is logged in or out. So retrieving previous sessionID associated with a user is available during current login (or SESSION).

In other words can I destroy SESSION with sessionID X while I am in SESSION with sessionID Y?

#2 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 August 2006 - 04:52 PM

mmm,
If a User closed the window, the session will normally die

U can do it, but it will be heavy
When a user loggs in, store the sess ID in the DB
then on every page load, check the sess_id with what is in the DB
If its not a match, then session_destroy();
Tell me the problem, I will try tell you the solution

#3 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 05:35 PM

Hey, thank you for yor reply. I do store the session ID in DB for every session. But, if I use session_destroy() at the beginning of every page when the SESSION IDs don't match then I destroy the current session not the previous session. I want to destroy the previous session if the same user is trying to login again from a different location. It would have been nice if session_destroy() could be called with SESSION ID as agrument. Then I could just call the previous session by that ID and destroy it at during next log in and create a new one. But, unfortunately I can't call session_destroy() by ID.

#4 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 August 2006 - 06:18 PM

as I said

If the SESS_ID in the DB matches the SESS_ID of the user, then everything is ok
If not then it must be from an old log in, so destroy that one

If I am logged into your website, and I log in again, it will overwrite the old one.
Tell me the problem, I will try tell you the solution

#5 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 09:10 PM

If not then it must be from an old log in, so destroy that one.

>>>That is what I want to do. I am just looking  for a function that will destroy the old one.
I tried wrting my own to actually delte the session file form the dir where is stored.

But it's giving me this error: [function.unlink]: Permission denied.

I am using unlink to delete file.

System summary:

Windows server 2003
IIS 6
PHP 5+ (don't exactly remember)

I have given full permission fo the IUSER for the directory where I store the session file.

#6 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 August 2006 - 09:14 PM

unlink is for deleting files

if(current ses_id != ses_id_in_db){
session_destroy();
}
Tell me the problem, I will try tell you the solution

#7 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 09:24 PM

Isn't this going to destroy the current session? I want to continue with the current session. I want to destroy session associated with sess_id_in_db in your example. How can I call the session_destroy() from the scopre of the current session (associated with current_sess_d) to destroy another session (sess_id_in_db)?

That is why I wanted to use unlink to delete the session file with sess_id_in_db while log in.

#8 Yesideez

Yesideez
  • Members
  • PipPipPip
  • Advanced Member
  • 2,334 posts
  • LocationDevon, UK

Posted 19 August 2006 - 09:46 PM

Let's summarise this to make sure I understand this:
* User logs in on machine 1
* Later they forget to close the browser, go home and log into machine 2
* Someone goes to machine 1 and starts using the browser with the account logged in
* Site picks up on two users logged in and needs to boot one out (preferably machine 1)

If I'm correct I've done this before myself and I used 3 fields in the users table:
* "seshid", VARCHAR
* "kick" TINYINT(1)
* "curip" VARCHAR(15) (to store the user's IP)

Basically when someone logs in it checks the session ID with current and curip with current. If both are different it sets kick to 1 and logs the new session ID and IP. Other scripts check seshid with current and curip with current. If both are different then the session ID is destroyed and redirects to the login page. If both match then it much be the recent user so kick is set to 0 and it carries on as normal. Once a machine is kicked and kick is set to 0 the recent user can carry on as normal without worry of being kicked as the other machine won't be able to log in because they won't know the password.

Thats similar to how I've done it but I can't remember exactly how as I've not got access to the code to check at the moment but its as accurate as I can get it (spent *ages* typing this to make sure I got it right lol)
Not a pro just an enthusiast :)

if (empty($coffee)) {$coffee=new coffee();}

Please surround any code using the CODE tags - I rarely look at anything without them

#9 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 09:53 PM

Yes you got it right! :) Yes, that will work. I need to check kick from the DB before every page to load, can be integrated to login check file. I wos wondering if I can just destroy session associated with the previous login while logging in the next time form a different machine. Apprently can't do that with session_destroy() as I can't call it to destroy different session.

#10 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 09:55 PM

BTW do you know what is msession_destroy()?

#11 Yesideez

Yesideez
  • Members
  • PipPipPip
  • Advanced Member
  • 2,334 posts
  • LocationDevon, UK

Posted 19 August 2006 - 09:59 PM

No idea but I guess its a new function in the testing stage as I can't seem to find any documentation on it - sounds a bit like "multiple session" to me but as I said, only guessing!
Not a pro just an enthusiast :)

if (empty($coffee)) {$coffee=new coffee();}

Please surround any code using the CODE tags - I rarely look at anything without them

#12 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 August 2006 - 10:07 PM

Thank you for your help. I can't seem to find any documentation either. All I could find is that it takes an argument. If I could destroy a session by ID, not just the current session.... something like session_destroy(session_id), it would make my job easier. That is why I was interested at msession_destroy(string arg). I was hoping it would do what I wanted to do.

#13 Yesideez

Yesideez
  • Members
  • PipPipPip
  • Advanced Member
  • 2,334 posts
  • LocationDevon, UK

Posted 19 August 2006 - 10:51 PM

It may do something similar in the future, will have to wait for the documentation to be added.
Not a pro just an enthusiast :)

if (empty($coffee)) {$coffee=new coffee();}

Please surround any code using the CODE tags - I rarely look at anything without them

#14 inqztve

inqztve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 20 August 2006 - 02:50 AM

Meantime, if I use msession_destroy(), it gives fata error as undefined function. I use PHP 5.1.4. It's supposed to be working for php 4.4 and 5. Do I need to use a different .dll file for this? or change some settings on .ini file?

#15 Yesideez

Yesideez
  • Members
  • PipPipPip
  • Advanced Member
  • 2,334 posts
  • LocationDevon, UK

Posted 20 August 2006 - 02:52 AM

I've no idea to be honest and I wouldn't really advise using a function where there is no documentation as you've no idea what else its affecting. Best stick to documented functions that way you know exactly what is beign affected.
Not a pro just an enthusiast :)

if (empty($coffee)) {$coffee=new coffee();}

Please surround any code using the CODE tags - I rarely look at anything without them




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users