NYCPHP Meetup

[nycphp-talk] Denying multiple logins to restricted pages

DeWitt, Michael mjdewitt at alexcommgrp.com
Wed Feb 26 14:15:20 EST 2003


	Mark,

	It's interesting that you focus on the end of session as an issue
just as I do.  

	I thought there might be a way to validate a previous/other session
by checking for the corresponding file stored by the session handler. The
issue here is that the session may have timed out but hasn't been cleaned
yet by the garbage collection process.  

	Perhaps there is a way to glean the time value out of the session
string? I would be surprised if the timestamp was not embedded in it.


	Mike

> For starters, Using session handling hasn't always been reliable in my
> experience. It's easy to figure you can catch session closes (close
> browser
> or open different page) that you should just log them off, but
> unfortunately
> you can't always catch a session close and run the proper script.  Browser
> crashes and different browser set ups don't always allow for it.
> 
> 
> -----Original Message-----
> From: Ophir Prusak [mailto:ophir at prusak.com] 
> Sent: Wednesday, February 26, 2003 1:24 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Denying multiple logins to restricted pages
> 
> 
> Hi All,
> 
> I'm creating a site that requires people to register and login for access
> to
> certain pages. I want to stop users from giving out their
> username/password
> to other people by denying access to more than one person using the same
> username at the same time.
> 
> I have a few ideas in my head, but would really like to hear from others
> that may have already tackled this problem and what solution they came up
> with.
> 
> Also, I'm still debating what to do when I find out that indeed two (or
> more) people are trying to use the same username.
> Do I deny the latest attempt ?
> Do I accept the latest attempt and then reject requests from all other
> people using the same username ? etc.
> 
> Ophir
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --- Unsubscribe at http://nyphp.org/list/ ---
> 



More information about the talk mailing list