Home > Archive > PHP SQL > May 2007 > How to restrict multiple login using a single account.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to restrict multiple login using a single account.
|
|
| shankhar 2007-05-22, 8:00 am |
| Hi all,
In my project there is a requirement. If a user logged in at a time
since he/she logged out others are not allowed to loggin using the
same user name. That is to avoid multiple logins using a account. How
to do this?
I had got a idea and implemented.
1. When a user logs in storing the username, ip, login time to db.
2. When a User logs in i'll check the table whether the username
exists in the table or not if yes i'll not allow the user to login
else i'll allow to loggin.
3. When he logs out i'll delete the record from the table. Then he/
she can login again.
But there is a problem in this the user can close the browser directly
or right click in the taskbar and close it or by pressing Alt + F4. So
for this i have to catch the things in Javascript and trigger the
logout.
Is is possible to catch the events in Javascript, if yes please
provide me.
Or Is there any other method to restrict multiple login using single
account.
Thanx in advance.
Shankhar
| |
| Jerry Stuckle 2007-05-22, 8:00 am |
| shankhar wrote:
> Hi all,
>
> In my project there is a requirement. If a user logged in at a time
> since he/she logged out others are not allowed to loggin using the
> same user name. That is to avoid multiple logins using a account. How
> to do this?
>
> I had got a idea and implemented.
>
> 1. When a user logs in storing the username, ip, login time to db.
> 2. When a User logs in i'll check the table whether the username
> exists in the table or not if yes i'll not allow the user to login
> else i'll allow to loggin.
> 3. When he logs out i'll delete the record from the table. Then he/
> she can login again.
>
> But there is a problem in this the user can close the browser directly
> or right click in the taskbar and close it or by pressing Alt + F4. So
> for this i have to catch the things in Javascript and trigger the
> logout.
>
> Is is possible to catch the events in Javascript, if yes please
> provide me.
>
> Or Is there any other method to restrict multiple login using single
> account.
>
> Thanx in advance.
>
> Shankhar
>
There's no way to tell if the user closed his browser. Or turned off
his computer, unplugged from his network or any of a number of things.
You can use a short timeout, i.e. 15 minutes, and if they don't do
something in that time period their session gets deleted.
But one of the ones I like best is if one person logs on while another
one is using that account, the first one is logged out automatically.
It gets to be very annoying - and they soon stop sharing their account
info with others.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| SterLo 2007-05-23, 7:02 pm |
| Jerry has the right idea.
Having the user session time out is fine - but can be counter
productive.
Having the user logged out if someone else logs in is a good way to go
since it alerts the user someone else has access to their account.
Blizzard does that :)
On May 22, 3:13 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> shankhar wrote:
>
>
>
>
>
>
>
>
>
> There's no way to tell if the user closed his browser. Or turned off
> his computer, unplugged from his network or any of a number of things.
>
> You can use a short timeout, i.e. 15 minutes, and if they don't do
> something in that time period their session gets deleted.
>
> But one of the ones I like best is if one person logs on while another
> one is using that account, the first one is logged out automatically.
> It gets to be very annoying - and they soon stop sharing their account
> info with others.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
| |
|
| Hi Shankhar
One way is to make sessiontimeout for 15 min and change show a
dialog to user that is u wantto continue like that......if no response
than change the status in db to notactive and give a chance to other..
| |
| carrion 2007-05-24, 8:00 am |
| On May 22, 11:10 am, shankhar <shankha...@gmail.com> wrote:
> Hi all,
>
> In my project there is a requirement. If a user logged in at a time
> since he/she logged out others are not allowed to loggin using the
> same user name. That is to avoid multiple logins using a account. How
> to do this?
>
> I had got a idea and implemented.
>
> 1. When a user logs in storing the username, ip, login time to db.
> 2. When a User logs in i'll check the table whether the username
> exists in the table or not if yes i'll not allow the user to login
> else i'll allow to loggin.
> 3. When he logs out i'll delete the record from the table. Then he/
> she can login again.
>
> But there is a problem in this the user can close the browser directly
> or right click in the taskbar and close it or by pressing Alt + F4. So
> for this i have to catch the things in Javascript and trigger the
> logout.
>
> Is is possible to catch the events in Javascript, if yes please
> provide me.
>
> Or Is there any other method to restrict multiple login using single
> account.
>
> Thanx in advance.
>
> Shankhar
There's the DOM event document.onunload.
Maybe you could use it to send an ajax request that terminates the
session.
But it don't really know how reliable this would be.
Good luck
| |
| Schraalhans Keukenmeester 2007-05-24, 8:00 am |
| At Wed, 23 May 2007 23:57:34 -0700, carrion let his monkeys type:
> On May 22, 11:10 am, shankhar <shankha...@gmail.com> wrote:
>
> There's the DOM event document.onunload.
> Maybe you could use it to send an ajax request that terminates the
> session.
> But it don't really know how reliable this would be.
>
> Good luck
Only effective if the user closes the page && has Javascript enabled. Net
outage, app or pc crash, cable disconnect, etc etc. won't be handled
correctly. Just face the fact web apps have stateless user connections.
I haven't seen a failsafe mechanism yet. Nowhere. (Except those
using one-time key devices or keyculators) Simplest is (as suggested by
others) when (a) user logs in using a given set of credentials,
immediately close any open session matching them and inform about a new
login from another address and offer the option to have their password
reset and sent by mail. If they choose that option, block the other opened
session as well.
In case their creds were obtained without their approval, they ought
to be pleased to find out their account details were nicked and should be
changed immediately.
Sh.
| |
| R. Rajesh Jeba Anbiah 2007-05-28, 7:01 pm |
| On May 22, 2:10 pm, shankhar <shankha...@gmail.com> wrote:
> In my project there is a requirement. If a user logged in at a time
> since he/she logged out others are not allowed to loggin using the
> same user name. That is to avoid multiple logins using a account. How
> to do this?
<snip>
FWIW <http://groups.google.com/group/comp.lang.php/msg/
310fad0eef59415a>
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
| |
| R. Rajesh Jeba Anbiah 2007-05-28, 7:01 pm |
| On May 22, 2:10 pm, shankhar <shankha...@gmail.com> wrote:
> In my project there is a requirement. If a user logged in at a time
> since he/she logged out others are not allowed to loggin using the
> same user name. That is to avoid multiple logins using a account. How
> to do this?
<snip>
FWIW <http://groups.google.com/group/comp.lang.php/msg/
310fad0eef59415a>
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
| |
| R. Rajesh Jeba Anbiah 2007-05-28, 7:01 pm |
| On May 22, 2:10 pm, shankhar <shankha...@gmail.com> wrote:
> In my project there is a requirement. If a user logged in at a time
> since he/she logged out others are not allowed to loggin using the
> same user name. That is to avoid multiple logins using a account. How
> to do this?
<snip>
FWIW <http://groups.google.com/group/comp.lang.php/msg/
310fad0eef59415a>
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
|
|
|
|
|