NYCPHP Meetup

[nycphp-talk] Denying multiple logins to restricted pages

Steve Manes smanes at magpie.com
Wed Feb 26 19:57:18 EST 2003


At 01:24 PM 2/26/2003 -0500, Ophir Prusak wrote:
>Also, I'm still debating what to do when I find out that indeed two (or
>more) people are trying to use the same username.
>Do I deny the latest attempt?
>Do I accept the latest attempt and then reject requests from all other
>people using the same username?

The downside to #1:

The client logs in, starts filling out a long form, gets called away for a 
phone call, returns to finish the form, hits Submit only to find that he'd 
been kicked off by someone else logging in to that account five minutes 
earlier.

The downside to #2:

The client logs in, works for a while, then takes off on a long weekend 
without logging out.

#2 is probably the lesser of two evils if you combine it with an inactivity 
timer in the session handler.

But neither really addresses the problem of multiple people sharing a 
login, just multiple people using that login at the same time.  If you can 
solve this problem, university SAs everywhere will build a statue in your 
honor.
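
The "accept the latest attempt" policy combined with an inactivity timer, as an added PHP example that is not part of the original post. The in-memory `$store` array (standing in for a session table), the function names and the 900-second limit are assumptions.

```php
<?php
// Added example: newest login wins, older tokens are rejected, idle sessions expire.
// IDLE_LIMIT is a constructed value; choose one that fits the application.
const IDLE_LIMIT = 900; // seconds of inactivity allowed

// $store maps username => ['token' => string, 'last_seen' => int].
// Hypothetical stand-in for a database-backed session table.
function login(array &$store, string $user, int $now): string
{
    // Overwriting the row invalidates whatever token was active before.
    $token = bin2hex(random_bytes(16));
    $store[$user] = ['token' => $token, 'last_seen' => $now];
    return $token;
}

function check_request(array &$store, string $user, string $token, int $now): string
{
    $row = $store[$user] ?? null;
    if ($row === null) {
        return 'no-session';
    }
    // Constant-time comparison of the stored token with the presented one.
    if (!hash_equals($row['token'], $token)) {
        return 'superseded'; // a later login took over this username
    }
    if ($now - $row['last_seen'] > IDLE_LIMIT) {
        unset($store[$user]); // the "long weekend" case: drop the stale session
        return 'expired';
    }
    $store[$user]['last_seen'] = $now; // activity resets the timer
    return 'ok';
}

// Constructed walk-through with fixed timestamps so the run is repeatable.
$store = [];
$t0 = 1000;
$first = login($store, 'alice', $t0);
echo check_request($store, 'alice', $first, $t0 + 60), "\n";   // first client, active
$second = login($store, 'alice', $t0 + 120);                   // second client logs in
echo check_request($store, 'alice', $first, $t0 + 180), "\n";  // first client's next request
echo check_request($store, 'alice', $second, $t0 + 180), "\n"; // second client, active
echo check_request($store, 'alice', $second, $t0 + 180 + IDLE_LIMIT + 1), "\n"; // after idling
```

Returning a distinct status for a superseded token lets the application tell the displaced client why the request was refused instead of showing a generic login page.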




