Hi.

Ok I've got the logging in of customer accounts settled but what I need
to work into the system is that of preventing more than one instance of
the same account.

If I logon right now as testuser1 on ComputerA and then go to ComputerB
and login as testuser1 it'll work just fine. What I want to do is one of
the following: (a) prevent the second instance of testuser1 from
succeeding, (b) logoff the first instance of testuser1 when the second
instance authenticates.

I know I'll have to keep a database and store the following: username
(or user id), session id, time of login, and/or time of last action.

Option A is very easy. I can easily look in the database and see if that
person is already logged in. If they are found in the db I just refuse
the second login attempt. Option B on the other hand seems a little more
difficult. As far as I've thought it out so far I'll have to check the
db on each page request to see if the user is still valid. That is to
say, if the second attempt is allowed to login I would have to change
the users session id from the first instance to the second instance.
Then when the first instance goes to a new page the application would
say "Hey wait a minute buddy! Your session id is different than the one
in the database. You've either timed out or someone else has logged in
with the same username."


Am I thinking this through correctly? Comments?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to