The only way to be able to track user sessions would be to use a db, for the functionality that you want. Move your entire sessoion handling to the db (see here for an article on this: ) You can track user ids, session ids, ip addresses etc with a table. Then its a simple matter to kill a user session by flagging or deleting the record.

Sessions tracking and limiting can be done in two ways:
1. use a cookie and check for the existance of this cookie when the user attempts to log on
2. store the IP in a session variable


From: "mel list_php" <[EMAIL PROTECTED]>
Subject: [PHP-DB] php sessions
Date: Tue, 15 Feb 2005 09:49:24 +0000


I have a few questions about the sessions in php.
I have a website where users are authentified through a login/password stored in a database. Once accepted, I start a session.

- can I "disconnect" an user? I mean I have a logout script, which is called when the user wants to logout, but can I log him out myself? I was thinking deleting the session files in php/tmp, but I don't have this access (and don't think it is a good way). My second idea was logging myself as this user (as I know the login/pass), but will this end its session?
I am not recoding the logout in the sql tables, so is there any way for me to kno which sessions are still active?

- this lead to my second question, can I limit the number of session per user (to 1)? I think it is possible, because I saw on some websites the warning "only one active session allowed per user, if you are already logged in you will be disconnected" but I don't know how this is managed.

- if my user is logged in (active session) and try to re-log in, will he open a new session or will he re-use the already opened one?

I think the global idea behind all this is how to attach a session to an user and how to control it.

Thanks for your help!

Want to block unwanted pop-ups? Download the free MSN Toolbar now!

PHP Database Mailing List (
To unsubscribe, visit:

-- PHP Database Mailing List ( To unsubscribe, visit:

Reply via email to