How to stop multiple Log In's under the same Username

On Mon, 29 Nov 2004 17:40:34 +0000 (UTC), "Chris Hall"
<ch****@skwirel.com> wrote:

Hello,

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if that
makes a difference.

You might want to consider the consequences. You'll need to be able
to support users who aren't really logged in. For example, people
who's browser or computer crashed mid-session.
Wbat are you trying to accomplish?

--
gburnore@databasix dot com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
DataBasix | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ÝÛ³
Black Helicopter Repair Svcs Division | Official Proof of Purchase
================================================== =========================
Want one? GET one! http://signup.databasix.com
================================================== =========================

Chris Hall wrote:

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if that
makes a difference.

Keep the session id along with ip, login id, and datetime in a sessions
table.

You can then check login attempts against the session table, and compare
the time they logged in against the time now, current IP vs session IP, etc.

It's not foolproof though you could at least lock out different IPs from
being on at the same time or within a given timeframe.

You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

Kelv :)

--
LoHost
http://www.lohost.com

Kelv wrote:

Chris Hall wrote:

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if
that
makes a difference.

You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

I've actually gone this route before, and didn't have more than a dozen
complaints in about 2 years. It actually worked out nicer than I had
expected it to.

--
Justin Koivisto - sp**@koivi.com
http://www.koivi.com

On Mon, 29 Nov 2004 20:51:09 GMT, Justin Koivisto <sp**@koivi.com>
wrote:

Kelv wrote:

Chris Hall wrote:

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if
that
makes a difference.
You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

I've actually gone this route before, and didn't have more than a dozen
complaints in about 2 years.

How many hits on the site in an average month?

It actually worked out nicer than I had expected it to.

--
gburnore@databasix dot com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
DataBasix | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ÝÛ³
Black Helicopter Repair Svcs Division | Official Proof of Purchase
================================================== =========================
Want one? GET one! http://signup.databasix.com
================================================== =========================

Gary L. Burnore wrote:

On Mon, 29 Nov 2004 20:51:09 GMT, Justin Koivisto <sp**@koivi.com>
wrote:

Kelv wrote:

Chris Hall wrote:
Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if
that
makes a difference.

You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

I've actually gone this route before, and didn't have more than a dozen
complaints in about 2 years.

How many hits on the site in an average month?

At the time there were about 10,000 unique visitors/month and 40,000
visits based on what AWStats spits out...

--
Justin Koivisto - sp**@koivi.com
http://www.koivi.com

On Mon, 29 Nov 2004 22:10:47 GMT, Justin Koivisto <sp**@koivi.com>
wrote:

Gary L. Burnore wrote:

On Mon, 29 Nov 2004 20:51:09 GMT, Justin Koivisto <sp**@koivi.com>
wrote:

Kelv wrote:
Chris Hall wrote:
>Any one got any good ideas or where to look for solutions how to stop
>multiple log ins with the same username? I am using mysql database if
>that
>makes a difference.

You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

I've actually gone this route before, and didn't have more than a dozen
complaints in about 2 years.

How many hits on the site in an average month?

At the time there were about 10,000 unique visitors/month and 40,000
visits based on what AWStats spits out...

I can see why you say "better than you thought". 1 in 10,000 isn't
bad at all.
--
gburnore@databasix dot com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
DataBasix | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ÝÛ³
Black Helicopter Repair Svcs Division | Official Proof of Purchase
================================================== =========================
Want one? GET one! http://signup.databasix.com
================================================== =========================

"Kelv" <no*@having.it> wrote in message
news:co**********@santiago.kelv.net...

Chris Hall wrote:

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if that makes a difference.
Keep the session id along with ip, login id, and datetime in a sessions
table.

You can then check login attempts against the session table, and compare
the time they logged in against the time now, current IP vs session IP,

etc.
It's not foolproof though you could at least lock out different IPs from
being on at the same time or within a given timeframe.

You could also zap the record in the sessions table for the first
instance of the login, meaning they'd have to log in again. If it's a
situation where they've shared their login information around, it'll
teach them not to do it again.

Kelv :)

--
LoHost
http://www.lohost.com

Checking the IP address is probably not a good strategy nowadays when WiFi
is so popular. Your user could be browsing your site in a bus, or his WiFi
adapter could switch to a different base station because the signal of the
pervious one has become too weak.

Destroying the previous session is a much more reliable option. And you
don't really need to implement your own session save-handler. Just remember
the session id, then delete the previous session file when the user log in
again. The path is usually session_save_path() . "/sess_" . $session_id. Or
simply scan the session save path, parse in every file, and delete the one
containing the username (stored as a session variable, presumably).

"Chris Hall" <ch****@skwirel.com> wrote in message news:<co**********@titan.btinternet.com>...

Hello,

Any one got any good ideas or where to look for solutions how to stop
multiple log ins with the same username? I am using mysql database if that
makes a difference.

1. http://www.google.com/search?q=php+login
2. http://martin.f2o.org/php/login

If IP check gives you trouble, just ignore it. Session id check
alone is sufficient. If you're more particular, you may try to check
user agent, lanugage, etc.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com