Jump to content

Advanced login issues


inqztve

Recommended Posts

I have login system with PHP and MySQL that uses session variable to keep track. My Issue is:

2) How can I auto logout an user from one location if the same user logs in from a difffernt location? i.e. USER A creates a SESSION with sessionID X(say) from location 1. He/she then forgets to logout or close the browser. And the same USER A  tryies to log in from location 2 and creates a session with sessionID Y(say). I want SESSION with ID X be destroyed (so that USER A from location 1 is effectively logged out)  before SESSION with ID Y is created. How I destroy a different SESSION? I store the session id in a database table along with associated userID and if the user is logged in or out. So retrieving previous sessionID associated with a user is available during current login (or SESSION).

In other words can I destroy SESSION with sessionID X while I am in SESSION with sessionID Y?
Link to comment
Share on other sites

mmm,
If a User closed the window, the session will normally die

U can do it, but it will be heavy
When a user loggs in, store the sess ID in the DB
then on every page load, check the sess_id with what is in the DB
If its not a match, then session_destroy();
Link to comment
Share on other sites

Hey, thank you for yor reply. I do store the session ID in DB for every session. But, if I use session_destroy() at the beginning of every page when the SESSION IDs don't match then I destroy the current session not the previous session. I want to destroy the previous session if the same user is trying to login again from a different location. It would have been nice if session_destroy() could be called with SESSION ID as agrument. Then I could just call the previous session by that ID and destroy it at during next log in and create a new one. But, unfortunately I can't call session_destroy() by ID.
Link to comment
Share on other sites

[u]If not then it must be from an old log in, so destroy that one[/u].

>>>That is what I want to do. I am just looking  for a function that will destroy the old one.
I tried wrting my own to actually delte the session file form the dir where is stored.

But it's giving me this error: [b][function.unlink]: Permission denied.[/b]

I am using unlink to delete file.

System summary:

Windows server 2003
IIS 6
PHP 5+ (don't exactly remember)

I have given full permission fo the IUSER for the directory where I store the session file.
Link to comment
Share on other sites

Isn't this going to destroy the current session? I want to continue with the current session. I want to destroy session associated with sess_id_in_db in your example. How can I call the session_destroy() from the scopre of the current session (associated with current_sess_d) to destroy another session (sess_id_in_db)?

That is why I wanted to use unlink to delete the session file with sess_id_in_db while log in.
Link to comment
Share on other sites

Let's summarise this to make sure I understand this:
* User logs in on machine 1
* Later they forget to close the browser, go home and log into machine 2
* Someone goes to machine 1 and starts using the browser with the account logged in
* Site picks up on two users logged in and needs to boot one out (preferably machine 1)

If I'm correct I've done this before myself and I used 3 fields in the users table:
* "seshid", VARCHAR
* "kick" TINYINT(1)
* "curip" VARCHAR(15) (to store the user's IP)

Basically when someone logs in it checks the session ID with current and curip with current. If both are different it sets kick to 1 and logs the new session ID and IP. Other scripts check seshid with current and curip with current. If both are different then the session ID is destroyed and redirects to the login page. If both match then it much be the recent user so kick is set to 0 and it carries on as normal. Once a machine is kicked and kick is set to 0 the recent user can carry on as normal without worry of being kicked as the other machine won't be able to log in because they won't know the password.

Thats similar to how I've done it but I can't remember exactly how as I've not got access to the code to check at the moment but its as accurate as I can get it (spent *ages* typing this to make sure I got it right lol)
Link to comment
Share on other sites

Yes you got it right! :) Yes, that will work. I need to check kick from the DB before every page to load, can be integrated to login check file. I wos wondering if I can just destroy session associated with the previous login while logging in the next time form a different machine. Apprently can't do that with session_destroy() as I can't call it to destroy different session.
Link to comment
Share on other sites

Thank you for your help. I can't seem to find any documentation either. All I could find is that it takes an argument. If I could destroy a session by ID, not just the current session.... something like [b]session_destroy(session_id)[/b], it would make my job easier. That is why I was interested at msession_destroy(string arg). I was hoping it would do what I wanted to do.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.