[nycphp-talk] Denying multiple logins to restricted pages

Mark Armendariz nyphp at
Thu Feb 27 01:37:43 EST 2003

Well that's why there's a script that resets the expired sessions after a
given amount of time.  Unfortunately the user has to wait the time or
contact the admin to reset their profile.  When I did this for a client's
intranet (it was cf based, but same concept) I had a "reset user" section
(with a dropdown of users) in the super user account and manager accounts.

Fortunately out of the 75 users who used the system regularly, I only got
the reset a session request about twice a week or less.  On another system,
IP addresses had to be registered, but all those users only logged in from
their desks, and it was directly tied to the network admin's dhcp list (that
was a fun one).

It's very hard to control crashed sessions, unfortunately, which I feel is a
serious downfall of browsers as they should allow for application plugs,
imo.  I'm dying to hear of better solutions though :)


-----Original Message-----
From: CHUN-YIU LAM [mailto:chun_lam at] 
Sent: Wednesday, February 26, 2003 11:53 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Denying multiple logins to restricted pages

what happens when something wrong with a session, how do he/she login in 

----Original Message Follows----
From: "Ophir Prusak" <ophir at>
Reply-To: talk at
To: NYPHP Talk <talk at>
Subject: [nycphp-talk] Denying multiple logins to restricted pages
Date: Wed, 26 Feb 2003 13:24:25 -0500
Received: from ([]) by with Microsoft SMTPSVC(5.0.2195.5600); Wed, 26 Feb 
2003 10:24:55 -0800
Received: from ( [])by (8.12.6/8.12.6) with ESMTP id h1QIOPEF082196for 
<chun_lam at>; Wed, 26 Feb 2003 13:24:52 -0500 (EST)(envelope-from 
null at
X-Message-Info: dHZMQeBBv44lPE7o4B5bAg==
Message-Id: <200302261824.h1QIOPEF082196 at>
X-Paralist-Archived: <>
X-List-Software: Paralist 0.6
List-ID: <>
List-Owner: <mailto:listmaster at>
List-Archive: <>
List-Subscribe: <>
List-Unsubscribe: <>
Organization: New York PHP
X-Mailer: Paramail 0.5
Return-Path: null at
X-OriginalArrivalTime: 26 Feb 2003 18:24:55.0907 (UTC) 

Hi All,

I'm creating a site that requires people to register and login for access to
certain pages. I want to stop users from giving out their username/password
to other people by denying access to more than one person using the same
username at the same time.

I have a few ideas in my head, but would really like to hear from others
that may have already tackled this problem and what solution they came up

Also, I'm still debating what to do when I find out that indeed two (or
more) people are trying to use the same username.
Do I deny the latest attempt ?
Do I accept the latest attempt and then reject requests from all other
people using the same username ? etc.


The new MSN 8: smart spam protection and 2 months FREE*

--- Unsubscribe at ---

More information about the talk mailing list