logging in twice with one user account

**larry@portcommodore.com** · Dec 4 '06, 02:15 PM

Re: logging in twice with one user account

gehegerade...@g mail.com wrote:

Is there a way to prevent one user-account from logging in twice on the
same system when using sessions?
>

[snip]

>
Any tips, or links to articles about this?
>
Thanks!

You could have a 'last activity' timestamp in there (you have to do a
lot of updating on your session tracking DB, such as for every DB
access) and then if it has been a while since lass activity, grant
access.

Or you could just put up an "already logged in" mesage with a reminder
to log out properly the next time (BOFH solution)

**Tim Van Wassenhove** · Dec 4 '06, 06:25 PM

Re: logging in twice with one user account

gehegeradeaus@g mail.com schreef:

Is there a way to prevent one user-account from logging in twice on the
same system when using sessions?
>
I also put the session of a user in a mysql database :
>
CREATE TABLE `login_sessions ` (
`login_id` int(10) unsigned NOT NULL auto_increment,
`login_session_ id` varchar(32) NOT NULL default '',
`login_user_id` int(10) unsigned NOT NULL default '0',
`login_date` int(14) unsigned NOT NULL default '0',
PRIMARY KEY (`login_id`)
) ENGINE=MyISAM AUTO_INCREMENT= 154 DEFAULT CHARSET=utf8
AUTO_INCREMENT= 154 ;
>
I can check whether the user_id is already in the database, but what if
the user doesn't log out properly?

- Add a 'loginnumber' column to each user.
- Every time the user logs in you increment the loginnumber by one and
store it in the users session
- On every page request you verify if the loginnumber in the session is
still the persisted one

-advantage: the previous 'loginnumber' will expire as soon as the user
logs in again. No need to think about expiring older sessions...

-disadvantage: you have to verify the loginnumber on each page request
(but if you're going to keep track of the 'last requested' page you have
to do this too...)

--
Tim Van Wassenhove <url:http://www.timvw.be/>

**gehegeradeaus@gmail.com** · Dec 6 '06, 12:35 PM

Re: logging in twice with one user account

Tim Van Wassenhove schreef:

gehegeradeaus@g mail.com schreef:

Is there a way to prevent one user-account from logging in twice on the
same system when using sessions?

I also put the session of a user in a mysql database :

CREATE TABLE `login_sessions ` (
`login_id` int(10) unsigned NOT NULL auto_increment,
`login_session_ id` varchar(32) NOT NULL default '',
`login_user_id` int(10) unsigned NOT NULL default '0',
`login_date` int(14) unsigned NOT NULL default '0',
PRIMARY KEY (`login_id`)
) ENGINE=MyISAM AUTO_INCREMENT= 154 DEFAULT CHARSET=utf8
AUTO_INCREMENT= 154 ;

I can check whether the user_id is already in the database, but what if
the user doesn't log out properly?

>
- Add a 'loginnumber' column to each user.
- Every time the user logs in you increment the loginnumber by one and
store it in the users session
- On every page request you verify if the loginnumber in the session is
still the persisted one
>
-advantage: the previous 'loginnumber' will expire as soon as the user
logs in again. No need to think about expiring older sessions...
>
-disadvantage: you have to verify the loginnumber on each page request
(but if you're going to keep track of the 'last requested' page you have
to do this too...)
>
>
--
Tim Van Wassenhove <url:http://www.timvw.be/>

Thanks,

but I think the opposite will happen : the new user will be logged in,
and the existing session will be ended... What I want is to prevent the
new user (with the same user-account) to log-in to the system...

logging in twice with one user account

logging in twice with one user account

Comment

Comment

Comment