BenM wrote:
Description:
I would like to prevent a user from logging in with their
user/password combination on a different computer or even a different browser
window, if they are already logged in. I have a login page, from which I use a
DB check to verify user/password info. Also, I have a bit loggedIN field in
the DB, which I use to see if they are currently logged in; if so, I prevent
them from logging in a second time.
Problem:
Unless they click the "Log Out" button, then the DB value does not
get changed. Any suggestions as to how I can log them out, even if they
simply close the browser window or jump to a different page?
Here's what I do: I have a table that contains the user ID,
application ID (which is just an identifier to the different apps we
have) an session ID.
Then the user logs in, those fields are populated. Every time a page
loads we have a toolbar that is included on each page. That page then
checks the current session ID against the database. IF it doesn't
match, I send them to a page which says "You can only be logged into
the application in one browser at a time"... or something like that.
So what ends up happening is that whatever browser session logs in
last, that's the valid session. That way someone could leave their
desk, go to another workstation, and still be able to log into their
account.