[nycphp-talk] Denying multiple logins to restricted pages
chun_lam at hotmail.com
Wed Feb 26 23:56:08 EST 2003
How about this? Everytime you login, you expire all other session. This
will get them really annoy. :-P I am a devil....
----Original Message Follows----
From: "Mark Armendariz" <nyphp at enobrev.com>
Reply-To: talk at nyphp.org
To: NYPHP Talk <talk at nyphp.org>
Subject: RE: [nycphp-talk] Denying multiple logins to restricted pages
Date: Wed, 26 Feb 2003 13:42:16 -0500
Received: from parsec.nyphp.org ([220.127.116.11]) by mc7-f9.law1.hotmail.com
with Microsoft SMTPSVC(5.0.2195.5600); Wed, 26 Feb 2003 10:42:47 -0800
Received: from nyphp.org (parsec.nyphp.org [18.104.22.168])by
parsec.nyphp.org (8.12.6/8.12.6) with ESMTP id h1QIgGEF020102for
<chun_lam at hotmail.com>; Wed, 26 Feb 2003 13:42:46 -0500 (EST)(envelope-from
null at nyphp.org)
Message-Id: <200302261842.h1QIgGEF020102 at parsec.nyphp.org>
X-List-Software: Paralist 0.6
List-Owner: <mailto:listmaster at nyphp.org>
Organization: New York PHP
X-Mailer: Paramail 0.5
Return-Path: null at nyphp.org
X-OriginalArrivalTime: 26 Feb 2003 18:42:47.0271 (UTC)
Well, the 2 methods I've used to solve the problem involve either cron jobs
or running a mini script in my config file which is called by every script
(depending on availability of cron job control).
For starters, Using session handling hasn't always been reliable in my
experience. It's easy to figure you can catch session closes (close browser
or open different page) that you should just log them off, but unfortunately
you can't always catch a session close and run the proper script. Browser
crashes and different browser set ups don't always allow for it.
Basically, I create a last_hit column (date/time) and logged_in (char(1)) in
my login database. The script checks all logged_in = 1 and if their time is
greater than set time (usually 10 minutes) it set's logged_in to 0. And in
order to access any page on the member the site, logged_in must be one and
their last_hit time is updated. Also, in the login check script, make sure
the user's "logged_in" is not already set to 1. If it is, they have to wait
0 minutes or someone else is using their login.
Depending on your hardware setup, this could actually be faster with a text
You could also do this with ip's and such, but with dynamic IP's being
changes without notice from ISP's this isn't always reliable.
Regardless of methods, Good Luck!!
From: Ophir Prusak [mailto:ophir at prusak.com]
Sent: Wednesday, February 26, 2003 1:24 PM
To: NYPHP Talk
Subject: [nycphp-talk] Denying multiple logins to restricted pages
I'm creating a site that requires people to register and login for access to
certain pages. I want to stop users from giving out their username/password
to other people by denying access to more than one person using the same
username at the same time.
I have a few ideas in my head, but would really like to hear from others
that may have already tackled this problem and what solution they came up
Also, I'm still debating what to do when I find out that indeed two (or
more) people are trying to use the same username.
Do I deny the latest attempt ?
Do I accept the latest attempt and then reject requests from all other
people using the same username ? etc.
--- Unsubscribe at http://nyphp.org/list/ ---
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
More information about the talk