To make a perfect system like this, users probably need to sign off faithfully at every session.
Peter Bi

----- Original Message -----
From: "Fran Fabrizio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 1:22 PM
Subject: Enforcing user logged in from only 1 browser?

>
> Hello all,
>
> I'm looking for a straightforward approach to extend our AuthCookie
> sessioning to enforce that a user is only logged in from one browser at
> a time. For us, it would suffice that if the user tries to log in from
> a 2nd browser, the first session would just be expired.
>
> I was thinking that upon login I could save the AuthCookie key in that
> user's db entry as current_session_key and I could blank it out when
> they explicitly log out. Then during login, I would be able to see if
> there's another key still out there for them. The tricky part for me is
> figuring out if that key is still an -active- session as opposed to
> having just left their browser open last night or something. And also,
> if I do determine that it is another active one, how would I expire it?
>
> Anyone done this type of thing previously?
>
> Thanks,
> Fran
>
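The `current_session_key` scheme from the question, as an added example (not code from this thread and not AuthCookie's own API): each login overwrites the stored key, so an older browser's cookie fails the per-request check, and a `last_seen` timestamp decides whether a session still counts as active. The SQLite table, the function names and the 30-minute idle timeout are assumptions made for the sketch.

```python
import hmac
import secrets
import sqlite3
import time

IDLE_TIMEOUT = 30 * 60  # assumed policy: idle longer than this is not "active"

def open_store():
    """In-memory stand-in for the user's db entry (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY,"
               " current_session_key TEXT, last_seen REAL)")
    return db

def login(db, user, now=None):
    """Issue a fresh key; replacing the stored one expires any older browser."""
    now = time.time() if now is None else now
    key = secrets.token_hex(32)
    db.execute("INSERT OR REPLACE INTO users"
               " (name, current_session_key, last_seen) VALUES (?, ?, ?)",
               (user, key, now))
    return key

def logout(db, user):
    """Explicit sign-off, or forced expiry: blank the stored key."""
    db.execute("UPDATE users SET current_session_key = NULL WHERE name = ?",
               (user,))

def check(db, user, cookie_key, now=None):
    """Per-request check: True only for the newest session that is not idle."""
    now = time.time() if now is None else now
    row = db.execute("SELECT current_session_key, last_seen FROM users"
                     " WHERE name = ?", (user,)).fetchone()
    if row is None or row[0] is None:
        return False                 # unknown user, or logged out
    if not hmac.compare_digest(row[0].encode(), cookie_key.encode()):
        return False                 # superseded by a later login elsewhere
    if now - row[1] > IDLE_TIMEOUT:
        logout(db, user)             # browser left open overnight
        return False
    db.execute("UPDATE users SET last_seen = ? WHERE name = ?", (now, user))
    return True
```

The superseded browser is not notified; its cookie simply fails `check` on its next request and the user is sent back to the login form.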