Jump to content

Limit Session Authentication

bschultz

By bschultz
in PHP Coding Help

 Share

Recommended Posts

bschultz Advanced Member

bschultz

Posted
Posted

Hi,

 

I have a php authentication script that checks against a MySQl database for login info.  Upon a correct login, a session is started.  Is there anyway to limit the authentication to one username at a time?  So that when user1 logs in...and someone else tries to use user1's username and password to access the page as well, it doesn't authenticate, or start the session.

 

Thanks.

 

Link to comment
https://forums.phpfreaks.com/topic/55152-limit-session-authentication/
Share on other sites
btherl Member

btherl

Posted
Posted

That information is best stored in mysql.  You could add it to the user table, for example.  You will need a method to detect situations such as user1 being logged in from home and forgetting to logout, then logging in from work (if such a situation will happen for your system).

btherl Member

btherl

Posted
Posted

You can add an additional table, indexed by user id.  Eg.

 

CREATE TABLE logged_in (
  user_id integer PRIMARY KEY,
  last_logged_in DATETIME,
);

 

Then, you can check the time they were last logged in from there, and make a choice about whether or not to allow a new login from a new location.  The hardest part to deal with is that people usually don't logout when moving from location to location, so you need to be able to time out sessions after a while.  That's why you need to store the time of the last login, and not just whether or not the user is logged in.

 

Or you can store the data in a text file, if you prefer that.  As long as the data is stored on the server, it really doesn't matter where :)

bschultz Advanced Member

bschultz

Posted
  • Author
Posted

There is no cookie...the session ends when the user closes the browser so there is no logout feature.  I'm trying to authenticate people to a subscription to a college sports play-by-play audio stream.  Games can be 3 1/2 hours...makes it hard to log someone out without their interaction.

btherl Member

btherl

Posted
Posted

Even if you change it, how can you force every user to logout?  A shopping cart is one of the places users are least likely to logout when their session is finished.  They will just browse somewhere else.

 

What do you mean by "There is no cookie"?  I didn't mention cookies.

bschultz Advanced Member

bschultz

Posted
  • Author
Posted

Sorry...when I think "logout" I think cookies.  Since the session ends on a browser close, I was hoping to limit a parent from giving a grandparent their login info and both being able to listen when only one of them pays for it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.