Home > Archive > PHP Programming > November 2004 > Re: How to stop multiple Log In's under the same Username
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: How to stop multiple Log In's under the same Username
|
|
|
| Chris Hall wrote:
> Any one got any good ideas or where to look for solutions how to stop
> multiple log ins with the same username? I am using mysql database if that
> makes a difference.
Keep the session id along with ip, login id, and datetime in a sessions
table.
You can then check login attempts against the session table, and compare
the time they logged in against the time now, current IP vs session IP, etc.
It's not foolproof though you could at least lock out different IPs from
being on at the same time or within a given timeframe.
You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.
Kelv :)
--
LoHost
http://www.lohost.com
| |
| Justin Koivisto 2004-11-29, 8:55 pm |
| Kelv wrote:
> Chris Hall wrote:
>
>
> You could also zap the record in the sessions table for the first
> instance of the login, meaning they'd have to log in again. If it's a
> situation where they've shared their login information around, it'll
> teach them not to do it again.
I've actually gone this route before, and didn't have more than a dozen
complaints in about 2 years. It actually worked out nicer than I had
expected it to.
--
Justin Koivisto - spam@koivi.com
http://www.koivi.com
| |
| Gary L. Burnore 2004-11-29, 8:55 pm |
| On Mon, 29 Nov 2004 20:51:09 GMT, Justin Koivisto <spam@koivi.com>
wrote:
>Kelv wrote:
>
>
>I've actually gone this route before, and didn't have more than a dozen
>complaints in about 2 years.
How many hits on the site in an average month?
>It actually worked out nicer than I had expected it to.
--
gburnore@databasix dot com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
DataBasix | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ÝÛ³
Black Helicopter Repair Svcs Division | Official Proof of Purchase
========================================
===================================
Want one? GET one! http://signup.databasix.com
========================================
===================================
| |
| Justin Koivisto 2004-11-29, 8:55 pm |
| Gary L. Burnore wrote:
> On Mon, 29 Nov 2004 20:51:09 GMT, Justin Koivisto <spam@koivi.com>
> wrote:
>
>
>
>
> How many hits on the site in an average month?
At the time there were about 10,000 unique visitors/month and 40,000
visits based on what AWStats spits out...
--
Justin Koivisto - spam@koivi.com
http://www.koivi.com
| |
| Gary L. Burnore 2004-11-29, 8:55 pm |
| On Mon, 29 Nov 2004 22:10:47 GMT, Justin Koivisto <spam@koivi.com>
wrote:
>Gary L. Burnore wrote:
>
>
>At the time there were about 10,000 unique visitors/month and 40,000
>visits based on what AWStats spits out...
I can see why you say "better than you thought". 1 in 10,000 isn't
bad at all.
--
gburnore@databasix dot com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
DataBasix | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ÝÛ³
Black Helicopter Repair Svcs Division | Official Proof of Purchase
========================================
===================================
Want one? GET one! http://signup.databasix.com
========================================
===================================
| |
| Chung Leong 2004-11-30, 3:56 am |
| "Kelv" <not@having.it> wrote in message
news:cog1je$kum$1@santiago.kelv.net...
> Chris Hall wrote:
>
that[color=darkred]
>
> Keep the session id along with ip, login id, and datetime in a sessions
> table.
>
> You can then check login attempts against the session table, and compare
> the time they logged in against the time now, current IP vs session IP,
etc.
>
> It's not foolproof though you could at least lock out different IPs from
> being on at the same time or within a given timeframe.
>
> You could also zap the record in the sessions table for the first
> instance of the login, meaning they'd have to log in again. If it's a
> situation where they've shared their login information around, it'll
> teach them not to do it again.
>
> Kelv :)
>
> --
> LoHost
> http://www.lohost.com
Checking the IP address is probably not a good strategy nowadays when WiFi
is so popular. Your user could be browsing your site in a bus, or his WiFi
adapter could switch to a different base station because the signal of the
pervious one has become too weak.
Destroying the previous session is a much more reliable option. And you
don't really need to implement your own session save-handler. Just remember
the session id, then delete the previous session file when the user log in
again. The path is usually session_save_path() . "/sess_" . $session_id. Or
simply scan the session save path, parse in every file, and delete the one
containing the username (stored as a session variable, presumably).
|
|
|
|
|