--On Thursday, August 01, 2002 15:08:40 -0400 Baljit Sethi 
<[EMAIL PROTECTED]> wrote:

>
> Hello.
>
> I am hoping someone can point me in the right direction.
>
> What I want to do is limit client logons to one logon per username, i.e.
> while a client has a session open, he/she cannot log on to the website
> from another terminal.
>
> Platform: Apache 1.3.x with mod_perl & DBI
>
> I have looked high and low, gone through Apache book after book with no
> measurable success (mod_usertrack & mod_session are the only modules
> briefly mentioned).
>
> If someone could just point me in the right direction, I will gladly do
> all the required research.

Someone recently suggested to me the following solution, based on slightly
modified sessions. It involves sending a cookie that contains a new ID with
each response. The server stores that ID keyed on the user's login name.
The next request from the client is expected to return that
cookie. If the ID doesn't match, redirect the user to the login page.
If one client is using the site, he will log in once and thereafter can use
the site normally. If a second client comes in, after his initial login
he will get a cookie with a new ID. This will make the first client's ID
invalid. If both clients continue to issue requests, they will keep on
invalidating each other's ID, thus forcing repeated logins. In a case
where the contract explicitly disallows concurrent access with a given
login name, the rightful client will probably complain and be a bit more
wary of giving away his password to his friends or coworkers.
An advantage to this system is that it doesn't require logout or timing
out the session.

Disclaimer: I have not implemented this system, and it's possible that it
has flaws that surely this list's readers will be quick to point out, and
I'll be grateful for that.

--
Eric Cholet
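
The rotating-ID scheme described in the reply above, as an added example that is not part of the original message. The sub names are hypothetical, the in-memory hash stands in for a DBI-backed table, and /dev/urandom is assumed as the randomness source; in mod_perl the two subs would be called from the authentication and response phases.

```perl
#!/usr/bin/perl
# Added example: one accepted ID per login name, replaced on every response.
# %current_id stands in for a DBI table keyed on login name (assumption).
use strict;
use warnings;

my %current_id;    # login name => the only ID currently accepted

# Unguessable 128-bit ID read from the kernel CSPRNG, hex-encoded for a cookie.
sub new_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Called after a successful password check: store a fresh ID for the user
# and return it so the caller can send it in a Set-Cookie header.
sub issue_id {
    my ($user) = @_;
    return $current_id{$user} = new_id();
}

# Called on each request with the ID taken from the client's cookie.
# Returns the next ID to send, or nothing, meaning: redirect to the login page.
sub check_and_rotate {
    my ($user, $presented) = @_;
    my $expected = $current_id{$user};
    return unless defined $expected && defined $presented
               && $presented eq $expected;
    return issue_id($user);
}

# Constructed walk-through: two terminals sharing the login name "alice".
my $term_a = issue_id('alice');                      # terminal A logs in
$term_a = check_and_rotate('alice', $term_a);        # A browses normally
my $term_b = issue_id('alice');                      # B logs in, replaces A's ID
my $a_ok = defined(check_and_rotate('alice', $term_a));
$term_b = check_and_rotate('alice', $term_b);
printf "A after B's login: %s\n", $a_ok ? 'ok' : 'login page';
printf "B next request:    %s\n", defined($term_b) ? 'ok' : 'login page';
$term_a = issue_id('alice');                         # A logs in again
printf "B after A's login: %s\n",
    defined(check_and_rotate('alice', $term_b)) ? 'ok' : 'login page';
```

With a real database the compare and the update have to happen as one atomic statement, otherwise two simultaneous requests can both pass the check. A single browser that sends requests in parallel (images, frames, several windows) presents the same ID more than once, and every request after the first rotation is rejected.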
