[nycphp-talk] Denying multiple logins to restricted pages

Steve Manes smanes at
Wed Feb 26 19:57:18 EST 2003

At 01:24 PM 2/26/2003 -0500, Ophir Prusak wrote:
>Also, I'm still debating what to do when I find out that indeed two (or
>more) people are trying to use the same username.
>Do I deny the latest attempt ?
>Do I accept the latest attempt and then reject requests from all other
>people using the same username ?

The downside to #1:

The client logs in, starts filling out a long form, gets called away for a 
phone call, returns to finish the form, hits Submit only to find that he'd 
been kicked off by someone else logging in to that account five minutes 

The downside to #2:

The client logs in, works for a while then takes off on a long weekend 
without logging out.

#2 is probably the lesser of two evils if you combine it with an inactivity 
timer in the session handler.

But neither really addresses the problem of multiple people sharing a 
login, just multiple people using that login at the same time.  If you can 
solve this problem, university SAs everywhere will build a statue in your 

More information about the talk mailing list