#1
  1. No Profile Picture
    The Iceman
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2004
    Posts
    110
    Rep Power
    11

    Deny Multiple Logins


    I need a few suggestions about the best way to prevent multiple logins by same user. Like if a user is already logged in, and another attempt is made to login with same username and password, then that login is denied.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Location
    Kurvi
    Posts
    490
    Rep Power
    185
    Store the session info into database. If there is an active session with the username, deny login. You can specify that session is inactive when user either logs out or has not done anything during x minutes. The risk is that if a user accidentally loses one's session (computer crash), he'll have to wait for the timeout of the session.
  4. #3
  5. No Profile Picture
    The Iceman
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2004
    Posts
    110
    Rep Power
    11
    Originally Posted by jst666
    Store the session info into database. If there is an active session with the username, deny login. You can specify that session is inactive when user either logs out or has not done anything during x minutes. The risk is that if a user accidentally loses one's session (computer crash), he'll have to wait for the timeout of the session.
    Actually i dont like this approach due to this only, if the user just closes the window and then again tries to login, he will not be able to login until the session timeout is reached.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Location
    Kurvi
    Posts
    490
    Rep Power
    185
    Originally Posted by the_invincible
    Actually i dont like this approach due to this only, if the user just closes the window and then again tries to login, he will not be able to login until the session timeout is reached.
    To some extent this problem will follow you. There is no fool proof way to check if a user is using the site or not, without using hacks like constantly refreshing frame / iframe, java applet, or something similar.

    On extension to the same idea is to allow user to login multiple times with same browser version and from same ip. Now while with some connections the ip might change rapidly, usually the user could login from the same computer if closing the browser window. This would allow multiple sessions behind nats and with same browser.

    One approach is that all older sessions for the same user are destroyed in login process; in this case when another person logs in using the same username, the one who was there first is automatically logged out. Might be annoying for those who have shared their login info, but would allow only one session per username.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2005
    Posts
    1,586
    Rep Power
    275
    prevent multiple logins...

    If you want to do this then do only this....

    If the user A is logged in and another login is requested for the user A account kill the first users session! What this will do is tell the user that account sharing does not work, so sharing their account with others will only effect their over all experience! This also will save you the hassle of user complaining they can not login because you are denying them access! It's a simple but effective way of not allowing account sharing!

    printf
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    5
    Rep Power
    0
    Originally Posted by printf
    prevent multiple logins...

    If you want to do this then do only this....

    If the user A is logged in and another login is requested for the user A account kill the first users session! What this will do is tell the user that account sharing does not work, so sharing their account with others will only effect their over all experience! This also will save you the hassle of user complaining they can not login because you are denying them access! It's a simple but effective way of not allowing account sharing!

    printf
    Hi printf,

    I have been trying to achieve just what you suggested - logout the user's first session when he logs in the second time. But I am stuck and don't know how to code the part where the server needs to send some instruction to the first client terminal to log out the user and also give a message to that effect. Please help. Thanks all.

IMN logo majestic logo threadwatch logo seochat tools logo