[nycphp-talk] Denying multiple logins to restricted pages
Steve Manes
smanes at magpie.com
Wed Feb 26 19:57:18 EST 2003
At 01:24 PM 2/26/2003 -0500, Ophir Prusak wrote:
>Also, I'm still debating what to do when I find out that indeed two (or
>more) people are trying to use the same username.
>Do I deny the latest attempt ?
>Do I accept the latest attempt and then reject requests from all other
>people using the same username ?
The downside to #1:
The client logs in, starts filling out a long form, gets called away for a
phone call, returns to finish the form, hits Submit only to find that he'd
been kicked off by someone else logging in to that account five minutes
earlier.
The downside to #2:
The client logs in, works for a while then takes off on a long weekend
without logging out.
#2 is probably the lesser of two evils if you combine it with an inactivity
timer in the session handler.
But neither really addresses the problem of multiple people sharing a
login, just multiple people using that login at the same time. If you can
solve this problem, university SAs everywhere will build a statue in your
honor.
More information about the talk
mailing list