August 12th, 2005, 01:05 AM
Deny Multiple Logins
I need a few suggestions about the best way to prevent multiple logins by same user. Like if a user is already logged in, and another attempt is made to login with same username and password, then that login is denied.
August 12th, 2005, 02:44 AM
Store the session info into database. If there is an active session with the username, deny login. You can specify that session is inactive when user either logs out or has not done anything during x minutes. The risk is that if a user accidentally loses one's session (computer crash), he'll have to wait for the timeout of the session.
August 12th, 2005, 04:02 AM
Actually i dont like this approach due to this only, if the user just closes the window and then again tries to login, he will not be able to login until the session timeout is reached.
Originally Posted by jst666
August 12th, 2005, 06:21 AM
To some extent this problem will follow you. There is no fool proof way to check if a user is using the site or not, without using hacks like constantly refreshing frame / iframe, java applet, or something similar.
Originally Posted by the_invincible
On extension to the same idea is to allow user to login multiple times with same browser version and from same ip. Now while with some connections the ip might change rapidly, usually the user could login from the same computer if closing the browser window. This would allow multiple sessions behind nats and with same browser.
One approach is that all older sessions for the same user are destroyed in login process; in this case when another person logs in using the same username, the one who was there first is automatically logged out. Might be annoying for those who have shared their login info, but would allow only one session per username.
August 12th, 2005, 07:16 AM
prevent multiple logins...
If you want to do this then do only this....
If the user A is logged in and another login is requested for the user A account kill the first users session! What this will do is tell the user that account sharing does not work, so sharing their account with others will only effect their over all experience! This also will save you the hassle of user complaining they can not login because you are denying them access! It's a simple but effective way of not allowing account sharing!
April 21st, 2013, 01:11 PM
Originally Posted by printf
I have been trying to achieve just what you suggested - logout the user's first session when he logs in the second time. But I am stuck and don't know how to code the part where the server needs to send some instruction to the first client terminal to log out the user and also give a message to that effect. Please help. Thanks all.