Perhaps you can generate a new session id for each page displayed.
For example, a user logs in. He gets $sess_id1. Automatically the session id
gets changed to $sess_id2 and all the links from that page contain the
second one.
So if he clicks somewhere on the page he will go on to a page with the new
session id
while you generate a third one, $sess_id3. And so on...
I'm not sure what you mean by another browser:
another browser window or another browser program?
You can always check their environment variables and see if they match the
previous entry in your db.
But that can cost some more space.


----- Original Message -----
From: "Fran Fabrizio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 11:22 PM
Subject: Enforcing user logged in from only 1 browser?


>
> Hello all,
>
> I'm looking for a straightforward approach to extend our AuthCookie
> sessioning to enforce that a user is only logged in from one browser at
> a time.  For us, it would suffice that if the user tries to log in from
> a 2nd browser, the first session would just be expired.
>
> I was thinking that upon login I could save the AuthCookie key in that
> user's db entry as current_session_key and I could blank it out when
> they explicitly log out.  Then during login, I would be able to see if
> there's another key still out there for them.  The tricky part for me is
> figuring out if that key is still an -active- session as opposed to
> having just left their browser open last night or something.  And also,
> if I do determine that it is another active one, how would I expire it?
>
> Anyone done this type of thing previously?
>
> Thanks,
> Fran
>
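
An added example, not part of either message and not Apache::AuthCookie's own code: one way to get the single-session behaviour asked about, where a new login overwrites the stored key (which expires the older browser at its next request) and an idle timeout decides whether a stored key is still active. The `%users` hash standing in for the user table, the 30-minute limit, the function names and the use of `/dev/urandom` are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $IDLE_LIMIT = 30 * 60;    # assumed idle timeout, in seconds
my %users;                   # stand-in for the user table: name => row

# Fresh 128-bit key from the kernel CSPRNG (assumes a Unix-like host).
sub new_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Login: overwriting current_session_key is what expires any older session.
sub login {
    my ($user, $now) = @_;
    my $key = new_key();
    $users{$user} = { current_session_key => sha256_hex($key), last_seen => $now };
    return $key;             # goes into the cookie; only its hash is stored
}

# Per-request check, called wherever the cookie key is validated.
sub session_ok {
    my ($user, $key, $now) = @_;
    my $row = $users{$user} or return 0;
    return 0 unless defined $row->{current_session_key};              # logged out
    return 0 unless sha256_hex($key) eq $row->{current_session_key};  # superseded
    if ($now - $row->{last_seen} > $IDLE_LIMIT) {                     # left open overnight
        $row->{current_session_key} = undef;
        return 0;
    }
    $row->{last_seen} = $now;
    return 1;
}

sub logout { my ($user) = @_; $users{$user}{current_session_key} = undef if $users{$user}; }

# Constructed walk-through: browser A logs in, then browser B logs in as the same user.
my $t     = 1_000_000;
my $key_a = login('fran', $t);
printf "A before B logs in: %d\n", session_ok('fran', $key_a, $t + 60);
my $key_b = login('fran', $t + 120);
printf "A after B logs in:  %d\n", session_ok('fran', $key_a, $t + 180);
printf "B active:           %d\n", session_ok('fran', $key_b, $t + 180);
printf "B after idle limit: %d\n", session_ok('fran', $key_b, $t + 180 + $IDLE_LIMIT + 1);
```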
