Best IT Recipes

Allow only one session

I would like to make my site to allow only one session at a time. For example, suppose a user has a login on my site in firefox, if the user logs in to another browser again, for example, an opera on one computer or another computer, the session on firefox will be destroyed. However, the firefox session remains if it remains as one session. Can I find out how I can do this? I am using php and apache. Thank.

Sincerely. Benjamin

+7
php apache2
Jul 02 '10 at 9:23
source share
5 answers

I suggest you do something like this:

Suppose user "A" first logs into "Com_1". Store the unique code in the database against this session and the same with the user session.

At the same time, if he (user "A") logs in to "com_2" again, check his status in the database and update the unique code in the database.

back again, if the same user (user "A") refreshes the page to "com_1", ​​we all you need to do is check the unique code from the session and match it with the database, it definitely won’t, then log out and destroy the session.

To save the user in the log, even if the browser is closed, you can save the cookie in the browser and re-generate the session accordingly.

Hope this helps. Thank.

+10
Jul 03 '10 at 7:17
source share

You can use the following algorithm

  • create an integer field in userLoggedInCount database
  • Each time the name of this flag is incremented and the result is saved in the session.
  • In each query, check the value in the database and what is in the session, and if one in the session is less than one in the database, invalidate() session and decrease the value in the database
  • whenever a session is destroyed, decrease the value as well

Loans for Bojo because he posted this by answering a question here

+5
Jul 02 '10 at 9:29
source share

Keep a central database table or text file of the currently logged in user. If the user is already logged in in another session, cancel the session by setting the "logged in" flag to false.

+3
Jul 02 '10 at 9:28
source share

I think you needed to do something like this:

  • add the column "last_session_id" to the user table.
  • when the user logs in, update his last_session_id field with his current session id
  • on each page, if the user has an authenticated session, check if the session ID matches the one recorded in your database. If not, destroy this session.
+3
Jul 02 2018-10-10T00:
source share

Save the IP addresses of users IP => SESSION_ID in the database. When a user tries to load your page, you should compare the actual IP => SESSION_ID pair, then enable / disable if the pair is ok / different.

0
Jul 02 '10 at 9:30
source share


More articles:


All Articles