[nycphp-talk] Denying multiple logins to restricted pages
smanes at magpie.com
Wed Feb 26 19:57:18 EST 2003
At 01:24 PM 2/26/2003 -0500, Ophir Prusak wrote:
>Also, I'm still debating what to do when I find out that indeed two (or
>more) people are trying to use the same username.
>Do I deny the latest attempt ?
>Do I accept the latest attempt and then reject requests from all other
>people using the same username ?
The downside to #1:
The client logs in, starts filling out a long form, gets called away for a
phone call, returns to finish the form, hits Submit only to find that he'd
been kicked off by someone else logging in to that account five minutes
The downside to #2:
The client logs in, works for a while then takes off on a long weekend
without logging out.
#2 is probably the lesser of two evils if you combine it with an inactivity
timer in the session handler.
But neither really addresses the problem of multiple people sharing a
login, just multiple people using that login at the same time. If you can
solve this problem, university SAs everywhere will build a statue in your
More information about the talk