Session management in PHP

[kellyrmartin]

Is there a way that when someone logs in and 'username' session variable is initialized that all other sessions are checked for the 'username' variable and deregisters any wiht matching contents. Effectively to keep someone being actively logged in twice.

[teamatomic]

I see inherent problems with this. You can save session to any place you wish:

ini_set('session.save_path', /path/to/sessions);

So you could loop through them with no problem. The problem comes with cleaning upld sessions. You can use garbage collection to remove older sessions. But, unless you can force all users to logout and destroy their session you are causing a user to be locked out until their session is removed by garbage collection.

Example:

You cleanup sessions every half hour. Joe logs in and does a quick check of something and closes the browser window. Total time spent:2 minutes. Now, three minutes later joe decides he wants to peruse your blog/new files/  whatever. Joe tries to log on but cant because your check finds his previous session which wont be cleaned up for another 25 minutes. See the problem. joe is locked out for another 25 minutes. So in a flash of something you set garbage collection to 5 minutes. Now everyone had to relogin every 5 minutes. No one is happy.

 

There is no solution as you are looking at it. The good thing is that they need to use another computer to logon. So you could keep their IP and  if the user logs under a new IP blow away the session associated with their old IP. This would be easy if you named sessions by the IP.  Only problem I see is in multiple users behind the same cable modem, etc.

 

ini_set('session.gc_divisor', '1');

ini_set('session.gc_probability', '1');

ini_set(session.gc_maxlifetime, '1800');//in seconds

ini_set('session.save_path', /path/to/sessions);

session_name('*the*ip*');

session_start();

 

 

HTH

Teamatomic