.hack//GU 0 Report post Posted February 8, 2008 When we login, we got a session.But at the same time when we still login, another one could login at our account.So, can we restrict only one user could login at one account?So if another wants to log into the same account, he must wait until the one logs out.Thanks in advance. Share this post Link to post Share on other sites
sonesay 7 Report post Posted February 8, 2008 I came across this problem before and found a link that showed one possible solution, It uses another table to hold users currently logged in. So when a user logs in they entry is entered into the table of logged in users. This table can also be used for showing all users logged in.When the same user tries to login again you can check this table and then display an appropriate message for them if the same user is already logged in. I did not read too much of it but I think whats lacking in this solution is how to deal with users who log off without clearing their name from the logged in users table. i.e by closing their browser without choosing the logout link. I think you may be able to use a timeout for their login session.It seems pretty complicated just to handle a login session but thats what I think is the only way if you were to write it yourself. maybe google for ways to do it or hopefully someones who has done a complete login system to handle this can explain to us. Share this post Link to post Share on other sites
truefusion 3 Report post Posted February 8, 2008 So if another wants to log into the same account, he must wait until the one logs out.It's easier if you create a user ID that gets randomly generated every time a user logs in, and keep track of them like that—this is how i have it in some of my scripts. This way, if someone were to log into the same account, it would kick the previous user off. The only problem with this is if there's a "battle" (i.e. both kicking each other off simultaneously) that gets started from this, but i don't see that as a big enough problem to worry about.However, if you were to follow the suggestion provided by sonesay about keeping track of all logged in users, you could limit the session by IP address: if it doesn't match, deny access for the time being. Share this post Link to post Share on other sites
sonesay 7 Report post Posted February 8, 2008 Although I can see why you would want to limit the use of a site to one login per user for security, limiting chance of second account from making modifications affecting other account or what other reasons I'm sure theres a lot more out there but if the second person had the password and login id in the first place this should not be a problem having two logins. I know most sites let you log in more then one time from different machines, I've logged into Xisto from two different browsers and machines before and I find it quiet handy. Maybe you did not think of it this way, just something to consider before you do all the work trying to make it otherwise.I'll be coming back to this issue again soon when I am going to be building the login system. I'm still not sure if I'll use a PHP framework for this yet, I do not know any frameworks very well and I have been looking at one but documentation is very vague and examples are next to none. Also going about building pages how I would want to I would not know how to even begin in the frameworks. Share this post Link to post Share on other sites