Kevin Thorpe <ke***@pricetrak.com> wrote in message news:<3f***********************@news.easynet.co.uk >...
R. Rajesh Jeba Anbiah wrote:
gr*****@chello.nl (fr?) wrote in message news:<fd**************************@posting.google. com>...
Hi,
I have a website, on which users have to log in.
Credentials are checked against a MySQL db.
Some session vars are set during login for use somewhere else in the
code.
Is there a way to prohibit a user to log in twice?

Yes, store both session_id & IP in a table, and check the validity
of the session on each page. You may look at
http://martin.f2o.org/download/php-login-script

Unfortunately this might not always work. We have some customers on AOL
or behind university round-robin proxies. The requests from these users
come from different IP addresses for each page. If you look in the
request headers
(http://www.zend.com/manual/function....st-headers.php)
I think most proxies add an X-forwarded-for: x.x.x.x header with the
real IP address.

I and another programmer recently faced a similar problem. He ran the
java side of our site, and I ran the php side. We had to find a way
to have users log in once on either side and have that login remain
valid for the other side etc etc. Timeouts were a necessity for us
also. In short we set up a sessions table in our db which we would
write our own sessions into while also placing an MD5 sum in a cookie
on the client computer that contained username, pass and date I
believe. It was a while ago. We would then make a call to that
sessions table at page changes which allowed logins to remain valid
across the language change as long as the user had a valid session.
That's probably a bit more than you'll need to do given that you're
just working in php, but thought I'd post it.

As far as the time out thing, I found it easier to make the login
script simply overwrite any existing sessions if there was a name
duplication. This took care of the comp crashing issues. In
addition, we are running a cronjob every fifteen minutes that queries
the db using a two hour interval to check for stale sessions. To make
that effective, we wrote an automatic session update into our session
checking script etc etc. Just a timestamp update. Have been running
this set up for several months now and it has been working pretty
well.
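
The scheme the last post describes (one row per user, overwritten at login, timestamp refreshed on every check, stale rows purged by cron), as an added example that is not code from any poster in the thread. Table, column and function names are assumptions; it uses SQLite in memory instead of MySQL so it runs stand-alone, stores the hash of a random token in place of the MD5 cookie the post mentions, and does not bind the session to an IP address, given the proxy behaviour noted earlier in the thread.

```php
<?php
// Added example; table, column and function names are assumptions.
// SQLite in memory keeps it self-contained (the thread used MySQL).
const IDLE_LIMIT = 7200; // the two-hour staleness window from the post

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // username is the primary key, so a user can never hold two rows
    $db->exec('CREATE TABLE sessions (username TEXT PRIMARY KEY, token_hash TEXT NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}

// Call only after the password check succeeds; overwrites any earlier session.
function login(PDO $db, string $user, int $now): string {
    $token = bin2hex(random_bytes(32)); // unguessable value for the cookie
    $stmt = $db->prepare('REPLACE INTO sessions (username, token_hash, last_seen) VALUES (?, ?, ?)');
    $stmt->execute([$user, hash('sha256', $token), $now]);
    return $token;
}

// Run on every page: username, or null if the token is unknown, displaced or idle.
function check(PDO $db, string $token, int $now): ?string {
    $stmt = $db->prepare('SELECT username FROM sessions WHERE token_hash = ? AND last_seen >= ?');
    $stmt->execute([hash('sha256', $token), $now - IDLE_LIMIT]);
    $user = $stmt->fetchColumn();
    if ($user === false) {
        return null;
    }
    // the automatic session update: refresh the timestamp on each valid request
    $db->prepare('UPDATE sessions SET last_seen = ? WHERE username = ?')->execute([$now, $user]);
    return $user;
}

// Body of the cron job: delete idle rows and report how many were removed.
function purge_stale(PDO $db, int $now): int {
    $stmt = $db->prepare('DELETE FROM sessions WHERE last_seen < ?');
    $stmt->execute([$now - IDLE_LIMIT]);
    return $stmt->rowCount();
}

// Constructed walk-through with a fixed clock instead of time().
$db = open_store();
$first  = login($db, 'alice', 1000000);
$second = login($db, 'alice', 1000060);       // same user logs in a second time
var_dump(check($db, $first, 1000120));        // token displaced by the second login
var_dump(check($db, $second, 1000120));       // current token for the user
var_dump(purge_stale($db, 1000120 + IDLE_LIMIT + 1));
```

Because the second login replaces the row, the first browser is logged out on its next page load; rejecting the second login instead would lock a user out after a crash, which is the case the post says overwriting took care of.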