On Tue, 26 Feb 2008 07:51:55 +0100,
ra**********@gmail.com
<ra**********@gmail.comwrote:
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP.
Is there any way to stop that?
I m thinking of getting IP and storing it in session variables and
making a check but not clear about the whole process.
Rather then restrict it by ip, I use tables to store a session:
table sessions:
session-id (primary key, session-id from PHP)
user-id (from the users table or null)
values (default serialized session data)
table user:
id
name
etc...
On a login attempt, a user can identify himself, which will mean his
user-id gets coupled to the session, all other session(s) having that
user-id will have their user-id set to null (effectively logged out). The
user-id is 'manualy' (i.e. with PHP code querying the database)
overwritten in the $_SESSION array.
The advantage is that a user can be logged in with only one session-id,
regardless of changing/static ip addresses (several users from one, or one
hopping addresses is no trouble), the disadvantage could be that one user
which deploys different UA's which don't share their cookies (MSIE & FF
for instance), he can't stay logged in in both UA's.
--
Rik Wasmus