> Because this is a revenue-based site, and users buy a password for access, we're 
> wondering what the best php/mysql mechanism would be to allow only one person to 
> access their account at a time. 

> In other words, how do we prevent two users from using the same password to access 
> the same account at the same time?

If a user logs in:
store the login timestamp in the database
store the uid and timestamp in a session variable.

If a user requests a page:
compare the uid and timestamp in the session with the ones in the database.

This way:
Every user that tries to login with a valid uid/pwd gets access.
Every session with the same uid but older timestamp expires.

Don't applaud, just throw money :D

Tim Van Wassenhove <>

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to