Jump to content

Limit Session Authentication


bschultz

Recommended Posts

Hi,

 

I have a php authentication script that checks against a MySQl database for login info.  Upon a correct login, a session is started.  Is there anyway to limit the authentication to one username at a time?  So that when user1 logs in...and someone else tries to use user1's username and password to access the page as well, it doesn't authenticate, or start the session.

 

Thanks.

 

Link to comment
https://forums.phpfreaks.com/topic/55152-limit-session-authentication/
Share on other sites

That information is best stored in mysql.  You could add it to the user table, for example.  You will need a method to detect situations such as user1 being logged in from home and forgetting to logout, then logging in from work (if such a situation will happen for your system).

You can add an additional table, indexed by user id.  Eg.

 

CREATE TABLE logged_in (
  user_id integer PRIMARY KEY,
  last_logged_in DATETIME,
);

 

Then, you can check the time they were last logged in from there, and make a choice about whether or not to allow a new login from a new location.  The hardest part to deal with is that people usually don't logout when moving from location to location, so you need to be able to time out sessions after a while.  That's why you need to store the time of the last login, and not just whether or not the user is logged in.

 

Or you can store the data in a text file, if you prefer that.  As long as the data is stored on the server, it really doesn't matter where :)

There is no cookie...the session ends when the user closes the browser so there is no logout feature.  I'm trying to authenticate people to a subscription to a college sports play-by-play audio stream.  Games can be 3 1/2 hours...makes it hard to log someone out without their interaction.

Even if you change it, how can you force every user to logout?  A shopping cart is one of the places users are least likely to logout when their session is finished.  They will just browse somewhere else.

 

What do you mean by "There is no cookie"?  I didn't mention cookies.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.