user can login twice by using different browser

**ariful alam** · Aug 11 '12, 04:48 PM

Every browser has it's own session information and has it's own cookie space. so, whenever you use two browsers to log in those acts like two individual system running.

Now, you can add another column session_status where you can input active/deactive.

whenever a user trying to log in using another browser it will check the stored session is active or deactive. if active, then it show a message and confirms user log in again of new new browser using password and if successful then it rewrite the active session to deactive and store new browser session. And every chat message will check the browser session and the database stored session equals or not before updating the chat message. if not matched then browser will show a message and redirect to log in page.

Hope it's help you. :)

**Jim1003** · Aug 13 '12, 05:27 PM

Thank you very much

Originally posted by ariful alam

Every browser has it's own session information and has it's own cookie space. so, whenever you use two browsers to log in those acts like two individual system running.

Now, you can add another column session_status where you can input active/deactive.

whenever a user trying to log in using another browser it will check the stored session is active or deactive. if active, then it show a message and confirms user log in again of new new browser using password and if successful then it rewrite the active session to deactive and store new browser session. And every chat message will check the browser session and the database stored session equals or not before updating the chat message. if not matched then browser will show a message and redirect to log in page.

Hope it's help you. :)

Ty very much now i can go on with my script.
Have a nice day.

:)

**dlite922** · Aug 13 '12, 11:13 PM

By the way, this solution also will prevent multiple logins from different computers. If you are just trying to prevent multiple browsers but enable them to login from multiple computers, then you also need to track IP address or user agent (which is also a good idea to store along with active/deactive status).

what if someone try's to login from the same browser twice? i.e. from a second tab or uses login page in browser history to login again?

Lots to think about when doing user detection like this.

Good luck,

Dan

**ariful alam** · Aug 14 '12, 06:26 AM

@dlite922,

a login page has a validation area. that first check any user is logged in or not in the current browser using session/cookie. if logged in then the page redirects to the home page/default page that comes after a successful log in.

so, there is no chance to log in second time in same browser in second tab at a same time.

**Jim1003** · Aug 16 '12, 04:23 PM

I have this code:

Code:

// check user is logged in 


session_start();

//check if the session exists
if($_SESSION['login'])

{

//this means they are logged in



header("Refresh:0;URL=http://www.to website with link to chat/");return;




}

so if user is logged in he will be send to the webpage.
from the website is a link to the chat.
if you are logged in you will be redirected to website.

still you can login with 2 browsers.

i was busy 4 weaks ,i am a beginner with php.

in mysql i have a column user_status but i dunno how to make the code to set user active.

**ariful alam** · Aug 16 '12, 04:46 PM

If a user tries to log in your chat site, the site will check the user_status column's value. if the value is deactive than run a update query for the column to change it's value to active for the user. sql update query is like:

Code:

update <table name>
set user_status = 'active'
where userid = '<user login id>'

if the value is active than again a password checking as i described earlier in post#2.

hope works for you. :)

**Jim1003** · Aug 16 '12, 06:08 PM

ok ty very much
i go on an try this.
Have a nice day.

**Frinavale** · Aug 16 '12, 06:46 PM

It sounds like the server-side solution for monitoring who is logged in is your best solution; however, this introduces a bit of a bug that you need to handle.

Say a user logs in and forgets to log out.

In the database the user is still marked as "logged in" but the person really isn't...they just forgot to log out last time.

Now when the user tries to log in again, they will be blocked from using your application.

This is a bug.

I would ensure that the user has a way to disconnect any other "logged in" instances so to get around the problem.

It is probably best to store the Session ID (since it looks like you're using sessions) in the database. If there is no Session ID for a user, then they aren't logged in anywhere.

If there is a Session ID, you can check if the session id in the database matches the session ID of the request. If it doesn't match, inform the user that they are logged in somewhere else and prevent them from logging in.

If the user wants to log-in even though they are "logged in elsewhere", allow them to log in and store the session ID that they are currently using.

If someone was using the application "elsewhere" , then the next request that goes to the server will kick the user out (the user will be redirected to the page saying that they are logged in elsewhere) because the Session IDs don't match for the user.

Be aware that this solution may or may not work in a web farm environment.

-Frinny

**ariful alam** · Aug 16 '12, 07:07 PM

@Frinavale, what are you saying is already suggested in post#2 http://bytes.com/topic/php/answers/9...er#post3725589

**Frinavale** · Aug 16 '12, 10:06 PM

@ariful alam: yup.
I elaborated on it ;)

-Frinny

**Jim1003** · Aug 17 '12, 03:48 AM

hello

I made the script that the user can login once.
If he is logged in,you can not go to the login form.
That is working fine.
If you open another browser then i can not hide the form and the user can login for the second time.
The user-status column stays emty so i think there is a bug in the script.
The second login makes the first login invisible user.

**Jim1003** · Aug 17 '12, 06:52 PM

hello

i Have now this code but i see nothing in de database in the column user_status.

What do i wrong

Code:

<?php
// Get database connection
include 'database.php';


$sql = mysql_query("UPDATE chat_users SET user_status='active' WHERE id='$user_status' ");
$sql_doublecheck = mysql_query("SELECT * FROM chat_users WHERE id='$user_status' AND user_status ='active'");



if($user_status=='active' ){
echo "<strong><font color=red>You are loggged twice in now !!!!</strong>Go to website<br />";



header("Refresh:0;URL=http://www.chatwebsite.****/");return;

}


if($user_status =='inactive'){
	echo "<strong><font color=green>you may login now welcome</font></strong>";


header("Refresh:0;URL=http:/loginform.php");return;

}

?>

**ariful alam** · Aug 17 '12, 07:21 PM

when a user tries to login first check the user is already active or not.
if not active
update table column user_status='ac tive'
and
redirect him to chat screen/page/application
if (active)
through a message that the user is already active with a password box to give the password again to make this login as active.
if the user give the correct password again for the user id then, deactive the previous login and update this login to active.

moreover, with every chat message, check the session is active in database or not. if not active, then do not update this chat message in database and kick out to the log out page.

**Jim1003** · Aug 18 '12, 02:36 PM

Hello everybody

I have fixed it
Thank you very much for you help

Have a nice day.

Thank you !!!!!!!!!!!

user can login twice by using different browser

user can login twice by using different browser

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment