>   anyone knows how to avoid user to login twice in different computer
>   ?
>   for exam : User A login using computer D, and then A go to computer
>   E and A login again. how to restrict A to login using computer E
>   when he have another session in computer D ?

If you have a user database and keep track of which user belongs to which
session, then when a user logs in, you could simply check to see if a
session that belongs to that user already exists. The question then is: Do
you chunk the first session? Or do you refuse to let the user log in again?

Also, this will not prevent session spoofing. If a malicious user can get
the same cookies or GET parameters that the real user is using, the
malicious user can use the exact same session without ever logging in. No
reliable way to prevent this without some creative and burdensome
authentication mechanisms.

Dean Hall.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to