On Thu, Aug 01, 2002 at 03:08:40PM -0400, Baljit Sethi wrote:
> Hello.
> 
> I am hoping someone can point me in the right direction.  
> 
> What I want to do is limit client logons to one logon per username, i.e. while
> a client has a session open, he/she cannot log on to the website from another
> terminal.

The problem isn't determining when they've logged in, but determining when 
they've logged out.

While it may be possible to write a record to the db that contains username,
password, and IP address, it does not guarantee that the user's IP address 
will not change mid session. (cable modem disconnect and reconnects with new IP,
transparent to the user.)

The short answer is, you can't.  The long answer is that you can, but it takes
way more work than it's worth.

The only way I've seen is to set a cookie (encrypted) on the client's machine
and flag the user as logged in.  If the user tries to log in again (from 
anywhere), it rejects it.  Only if the original client connects and clicks
logout (and the cookie still exists) does it actually remove the flag (and
the cookie).

The drawback here is that if any user ever deletes their cookies before
logging out, they're screwed, and will call asking you to fix it.

Good luck,

Rob
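
The flag-and-cookie scheme described in the reply above, as an added example that is not part of the original thread. It keeps a random opaque token server-side rather than an encrypted cookie, and the class, its method names and the optional `idle_timeout` (an addition that lets a stale flag expire so a user who lost the cookie is not locked out indefinitely) are assumptions.

```python
import hmac, secrets, time


class SingleSessionRegistry:
    """Per-username 'logged in' flag bound to one cookie token."""
    def __init__(self, idle_timeout=None, clock=time.monotonic):
        self._active = {}                  # username -> (token, last_seen)
        self._idle_timeout = idle_timeout  # assumption: seconds; None = never expires
        self._clock = clock

    def _live(self, username):
        entry = self._active.get(username)
        if (entry and self._idle_timeout is not None
                and self._clock() - entry[1] > self._idle_timeout):
            del self._active[username]     # idle too long: drop the stale flag
            return None
        return entry

    def _owns(self, username, token):
        entry = self._live(username)
        return bool(entry and token and
                    hmac.compare_digest(entry[0].encode(), token.encode()))

    def login(self, username):
        # Issue a cookie token, or None while the user is flagged as logged in.
        if self._live(username):
            return None                    # second login rejected, from anywhere
        token = secrets.token_urlsafe(32)
        self._active[username] = (token, self._clock())
        return token

    def touch(self, username, token):
        # Validate the cookie on each request and refresh the idle timer.
        if not self._owns(username, token):
            return False
        self._active[username] = (token, self._clock())
        return True

    def logout(self, username, token):
        # Clear the flag only when the original cookie is presented.
        if not self._owns(username, token):
            return False
        del self._active[username]
        return True

def lockout_demo():
    reg = SingleSessionRegistry()          # no timeout: the scheme as described
    cookie = reg.login("alice")            # constructed username
    second = reg.login("alice")            # other terminal: rejected (None)
    cleared = reg.logout("alice", None)    # cookie was deleted: flag stays set
    return cookie is not None, second, cleared, reg.login("alice")
```

With no timeout, `lockout_demo()` ends with the last login still refused, which is the support call the reply warns about.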
