Restricting the access is one approach.
Another approach that I have successfully employed is to allow the second user to log in, but changing the "current" user for that account to the new login.
The next time the original user with the same account accesses any protected page, they are asked to login again, since they aren't the "current" user, at which point they become the current user. Every time the 2nd (or 3rd or 4th) user has to login again, the site became less fun to share with friends. At which point the legitimate user often changed their password, and the duplicate logins disappeared very quickly as an issue.
But we clearly spelled out on the relogin page WHY they had to log in again.
Note: this also turned up some "hijacked" accounts that were being used without the subscriber's knowledge.
Just a thought,
Jerry Johnson
>>> [EMAIL PROTECTED] 08/25/04 01:42PM >>>
Hey all,
I need to restrict users to one login per username, so I need to check to ensure
that username has not already been logged into the site.
So I am thinking of creating a structure in the application scope in which I
will store the userids that are logged into the system.
As a new person logs on I would check that structure and if I do not find the
userid I would log the person in, and append their username to the structure.
If the userid is in the structure I would need to clear the session variables in
existence for that userid....now..how the heck am I going to do that?
I need to clear it because there is going to be some point where someone's
browser is going to crash on them in the middle of a session, and if I do not
allow the second userid attempt to log in, they will be locked out of the system
until their session clears.
Does anyone know of a better way to do this?
-Gel
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
