By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,949 Members | 1,838 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,949 IT Pros & Developers. It's quick & easy.

How to restrict one user from one IP

P: n/a
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi
Feb 26 '08 #1
Share this Question
Share on Google+
5 Replies


P: n/a
ra**********@gmail.com wrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi
You can't do it reliably.

Many medium and large companies have a proxy that all computers on their
network use, so externally, all of their computers will have the same IP
address.

But worse, many large companies and ISP's (such as AOL) use multiple
proxies, and a request can come from any of the proxies. That means
every request may come from a different IP address.

And even if neither of the above is true, dynamic addressing means a
user can get a different IP address when his current lease expires.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Feb 26 '08 #2

P: n/a
ra**********@gmail.com wrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.
$_SESSION

--
Freundliche Gre,
Franz Marksteiner

Feb 26 '08 #3

P: n/a
On Tue, 26 Feb 2008 07:51:55 +0100, ra**********@gmail.com
<ra**********@gmail.comwrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.
Rather then restrict it by ip, I use tables to store a session:

table sessions:
session-id (primary key, session-id from PHP)
user-id (from the users table or null)
values (default serialized session data)

table user:
id
name
etc...

On a login attempt, a user can identify himself, which will mean his
user-id gets coupled to the session, all other session(s) having that
user-id will have their user-id set to null (effectively logged out). The
user-id is 'manualy' (i.e. with PHP code querying the database)
overwritten in the $_SESSION array.

The advantage is that a user can be logged in with only one session-id,
regardless of changing/static ip addresses (several users from one, or one
hopping addresses is no trouble), the disadvantage could be that one user
which deploys different UA's which don't share their cookies (MSIE & FF
for instance), he can't stay logged in in both UA's.
--
Rik Wasmus
Feb 26 '08 #4

P: n/a
On Feb 26, 1:51 am, "rahismail...@gmail.com" <rahismail...@gmail.com>
wrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi
$_SESSION wont help with this on it's own as two computers would have
separate SESSION_IDs
you would have to store IP addresses with SESSION_ID in a database or
something
then you'd have to search the db for that IP on every page access, and
if the SESSION_ID doesn't match... handle it...

but the problems with this have been highlighted and if it's something
like someone flooding your site, throttle Login actions to y attempts
every x seconds
Feb 26 '08 #5

P: n/a


ra**********@gmail.com wrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?

I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.

Regards
Rahi
Search the archives, you will find the answer! Do not ask the question
which were answered!..
Feb 26 '08 #6

This discussion thread is closed

Replies have been disabled for this discussion.