There are few options... Database/Application scope to store all the logged in users and check/authenticate every user aganist the scope. You would have to write a routine to clean up the application scope users.. as they log out.
Joe -----Original Message----- From: Mark Leder [mailto:[EMAIL PROTECTED]] Sent: Monday, October 14, 2002 1:30 PM To: CF-Talk Subject: Duplicate UserNames / Passwords logging into a site Hi All, I need some ideas on the best approach to the following: I have a subscription based site, where everyone has their own user name and password (I keep duplicates from being entered in the database). However, the problem is with sharing of usernames and passwords. Say for example I log in as UID = "mark" and PWD = "12345", while I'm in using the site, someone else can use this same user name and password to log in and use the site illegally. The ideal situation would be if I were logged in, then a second person tries to use my UID and PWD, the second person is denied access, and the first person is booted out and given a warning screen that they account may be deactivated because of abuse. I use session management on this site, but have not implemented cookies. What would be a good way to accomplish this? Thanks, Mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm