Simplest way that is also quite safe:
Create "sessions" table (user_id, session_key, last_action_datetime).
etc etc ...
This is somewhat similar to the way the OpenACS toolkit does it, though it differs in detail. The session management/request processor part of the toolkit could be ripped out from the rest fairly easily.
There are ways to get this stuff wrong so if session control is critical for the site, starting with code that's been well-tested in a wide variety of large and busy sites rather than rolling your own might not be a bad idea.
This discussion shouldn't be on this list anyway, though, should it? I get my fill of OpenACS discussion on the OpenACS site ...
-- Don Baccus Portland, OR http://donb.photo.net, http://birdnotes.net, http://openacs.org
-- AOLserver - http://www.aolserver.com/ To Remove yourself from this list: http://www.aolserver.com/listserv.html List information and options: http://listserv.aol.com/