[nycphp-talk] Denying multiple logins to restricted pages

DeWitt, Michael mjdewitt at
Wed Feb 26 13:55:27 EST 2003


I have never done anything like this yet, but it is a concern on my list of
things to do some day. 

one policy issue which may or may not affect you is whether to allow
multiple logins from the same IP.  With corprations behind a nating router,
its hard to know if this one user with two sessions or two users.

Another example of how things can look abusive: a corporate joe fires up
your site and logs in via the corporate network and then launches AOL  and
surfs to your site again via the AOL network.  He will appear to be coming
from two IP addresses with logins perhaps minutes apart.  

I currently log userid/ipaddress/pageinfo to a table and eye ball it for
abuse by running counts by user.  So far I haven't seen anything abusive,
but I would love to be able to fully automate this.


> -----Original Message-----
> From:	Ophir Prusak [SMTP:ophir at]
> Sent:	Wednesday, February 26, 2003 1:24 PM
> To:	NYPHP Talk
> Subject:	[nycphp-talk] Denying multiple logins to restricted pages
> Hi All,
> I'm creating a site that requires people to register and login for access
> to
> certain pages.
> I want to stop users from giving out their username/password to other
> people
> by denying access to more than one person using the same username at the
> same time.
> I have a few ideas in my head, but would really like to hear from others
> that may have already tackled this problem and what solution they came up
> with.
> Also, I'm still debating what to do when I find out that indeed two (or
> more) people are trying to use the same username.
> Do I deny the latest attempt ?
> Do I accept the latest attempt and then reject requests from all other
> people using the same username ?
> etc.
> Ophir
> --- Unsubscribe at ---

More information about the talk mailing list