NYCPHP Meetup

[nycphp-talk] Denying multiple logins to restricted pages

Mark Armendariz nyphp at enobrev.com
Thu Feb 27 01:37:43 EST 2003


Well that's why there's a script that resets the expired sessions after a
given amount of time.  Unfortunately the user has to wait the time or
contact the admin to reset their profile.  When I did this for a client's
intranet (it was cf based, but same concept) I had a "reset user" section
(with a dropdown of users) in the super user account and manager accounts.

Fortunately out of the 75 users who used the system regularly, I only got
the reset a session request about twice a week or less.  On another system,
IP addresses had to be registered, but all those users only logged in from
their desks, and it was directly tied to the network admin's dhcp list (that
was a fun one).

It's very hard to control crashed sessions, unfortunately, which I feel is a
serious downfall of browsers as they should allow for application plugs,
imo.  I'm dying to hear of better solutions though :)

Mark

-----Original Message-----
From: CHUN-YIU LAM [mailto:chun_lam at hotmail.com] 
Sent: Wednesday, February 26, 2003 11:53 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Denying multiple logins to restricted pages


what happens when something wrong with a session, how do he/she login in 
again?






----Original Message Follows----
From: "Ophir Prusak" <ophir at prusak.com>
Reply-To: talk at nyphp.org
To: NYPHP Talk <talk at nyphp.org>
Subject: [nycphp-talk] Denying multiple logins to restricted pages
Date: Wed, 26 Feb 2003 13:24:25 -0500
Received: from parsec.nyphp.org ([66.250.131.26]) by 
mc10-f6.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 26 Feb 
2003 10:24:55 -0800
Received: from nyphp.org (parsec.nyphp.org [66.250.131.26])by 
parsec.nyphp.org (8.12.6/8.12.6) with ESMTP id h1QIOPEF082196for 
<chun_lam at hotmail.com>; Wed, 26 Feb 2003 13:24:52 -0500 (EST)(envelope-from 
null at nyphp.org)
X-Message-Info: dHZMQeBBv44lPE7o4B5bAg==
Message-Id: <200302261824.h1QIOPEF082196 at parsec.nyphp.org>
X-Paralist-Archived: <http://nyphp.org/list/paralist_archive.php?L_mid=3215>
X-List-Software: Paralist 0.6
List-ID: <nyphptalk.nyphp.org>
List-Owner: <mailto:listmaster at nyphp.org>
List-Archive: <http://nyphp.org/list/paralist_archive.php?L_lid=2>
List-Subscribe: <http://nyphp.org/list/>
List-Unsubscribe: <http://nyphp.org/list/>
Organization: New York PHP
X-Mailer: Paramail 0.5
Return-Path: null at nyphp.org
X-OriginalArrivalTime: 26 Feb 2003 18:24:55.0907 (UTC) 
FILETIME=[5CBDDB30:01C2DDC4]

Hi All,

I'm creating a site that requires people to register and login for access to
certain pages. I want to stop users from giving out their username/password
to other people by denying access to more than one person using the same
username at the same time.

I have a few ideas in my head, but would really like to hear from others
that may have already tackled this problem and what solution they came up
with.

Also, I'm still debating what to do when I find out that indeed two (or
more) people are trying to use the same username.
Do I deny the latest attempt ?
Do I accept the latest attempt and then reject requests from all other
people using the same username ? etc.

Ophir









_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail



--- Unsubscribe at http://nyphp.org/list/ ---










More information about the talk mailing list