Jump to content

Recommended Posts

Hi,

My users are authenticating to a mysql database, and they stay logged in by way of a cookie which expires on browser close....or 2 hours, which ever occurs first. What I want to do now is to prevent users giving their login details to their friends so that multiple people login with the same username. I can store logged in usernames in a 'logged_in' table, which will make it easy to check whether that username is already logged in, and if it is, then deny access to any further users with that username. But, if a user doesn't logout using the 'Logout' button, which would delete the username from the 'logged_in' table, how could I detect that the user is in fact no longer on site and then delete their username from the 'logged_in' table? For example, the user might just close his browser and go home.....which would kill he cookie, but would leave their username in the 'logged_in' table, which would prevent them from logging in next time?

Perhaps I'm approaching this wrong?

Thanks,
Neil
Link to comment
https://forums.phpfreaks.com/topic/34628-how-to-prevent-multiple-logins/
Share on other sites

How I handle timeouts is this... In my activeUsers table I store their ID, IP Address, Last Active (TimeStamp), Expires (TimeStamp). This way I can query the db to prevent multiple instances, it updates the table (last active & expires) when they move around the site. So if they don't explicitly logout and just walk away from their computer when an attempt to login/move around the site using that username occurs, I can check against the user to see if their session has expired and force them to login again.
jesirose:

Well, the login is to access applications that are available to our students on or off campus. Someone, from not at this educational facility, has expressed interest in his students also using some of our applications, and I don't trust that he won't give his login details to others in order to access the applications...which could put a heavy load on our server. I can't deny him access as he is a part time tutor here, as well as a part time tutor at another faclity. The solution is to only allow each user to be able to log in once...but I can figure out how to reset them as logged out if they just close their browser rather than hit the 'Log Out' button....which will happen for sure, I do it myself!!
It might be easier to just catch him at it instead of try to prevent it. Log the IP addresses and times, and then analyze it. If people are logging in from different IPs at the same time with his info, he broke the rules, and then can be dealt with.
Thats how I'd approach it - seems easier.
You should save login information about the person in a database.

Save there

-session id
-username
-userid
-logindate
-etc. etc. etc.

When someone goes to login, you will need to check if they have an active login already in the database if they do, then they need to close there login.
You will also need to check if the session id is still existant, if not, you will need to delete it from the database otherwise the user will only be able to login one time.
realjumper, I had the same issue with a corporate product, the only way I have ever found to effectively handle it was the solution I came up with, take it for what it's worth but in combination with my system's access logs, I've never had an issue, I can track people down to login locations, request pages, querystring information, date/time, records they affected, you name it..... Had to do it in order to get SOX compliance.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.