>  I have a login system which uses sessions, and when people login it
> the date they logged in in their profile and moves their last login
> over to another field, that works fine, but how can I check if someone
> logged out via code?  In other words, if someone does what they want
> then just closes the browser without logging out no record is saved,
> can
> I tell whether they have logged out / gone from the website ?  I need
> know this for security.

You can't know for sure. It's a limitation of HTTP. What you do is
assume that if after X minutes, the user hasn't done anything, then they
have left. If you're using sessions, the files will be cleaned up after
X minutes, anyhow, and they will lose their login. 

> Which brings me to my next question :-)
> How would I make it so only 1 person can login at any time with any
> username/password combo?  I know I have to track the sessions, but not
> sure
> how :-(

Set a flag in the database that says whether that user is logged in. If
that username tries to log in again, set an error. The problem you'll
run into with this, though, is you'll have to implement a "cleanup"
system to unset the flag after X minutes of inactivity. Also, if I
accidentally close my window and then go back to log in, it won't let me
because the flag is still set until your cleanup program unsets it. 

---John Holmes...

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to