Here's a couple of suggestions:

1) You can use javascript to trap the window's closure and create a new
window that simply calls one of your scripts that closes the session.
This is not 100% foolproof, however, so you need to come up with a
backup plan, like closing sessions automatically with a batch process in
the backend.

2) That's easy enough--just store a "unique token" in their session and
in the database when they log in. If, when they come to you with a
particular user id they do not have the right token, then that means
that either (a) somebody is trying to steal a session or (b) two people
have signed on with the same username, in which case you can decide who
gets the boot. This, too, is not a completely foolproof method
(particularly if you don't use SSL), but it's a good starting point.

Hope this helps.



php|architect - The magazine for PHP Professionals
The first monthly worldwide magazine dedicated to PHP programmers

Come visit us at!

On Wed, 2002-11-27 at 20:19, Chris Payne wrote:
> Hi there everyone,
>  I have a login system which uses sessions, and when people login it puts
> the date they logged in in their profile and moves their last login date
> over to another field, that works fine, but how can I check if someone has
> logged out via code?  In other words, if someone does what they want and
> then just closes the browser without logging out no record is saved, how can
> I tell whether they have logged out / gone from the website ?  I need to
> know this for security.
> Which brings me to my next question :-)
> How would I make it so only 1 person can login at any time with any given
> username/password combo?  I know I have to track the sessions, but not sure
> how :-(
> Any help would really be appreciated.
> Chris
> -- 
> PHP Database Mailing List (
> To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to