Daniel, What about using IP Logging? If the user is already logged in with the same IP you can let them on, if its a new IP you could ask them if they are a returning user? If so, make them log in a second time for verification, and close the other logged in user/account.
Make some fancy "It appears your at a different location message, for security we'll need you to log in again." Now if they have dial up that might be a pain in the rear as the IP can change on each dial up, but for most broadband accounts and business that the user could go to, IE public library, etc.. they'd still only have one IP (assuming it's static) for each terminal....(ramblin) but you get the idea, This is just another suggestion as I don't see it was one used yet. BTW, I'm only a newbie, so don't ask me how you'd do it, cuz I'm still learning the art of PHP yet. ;) I can log ips into a database though, so it shouldn't be that hard to pull them out and confirm that $newIp==$loggedIp. If you coupled this idea some of the other expiration techniques mentioned you could have one hell of a login monitoring system. Best of luck in your solution. David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Saturday, May 31, 2003 9:11 PM To: [EMAIL PROTECTED] Subject: [PHP] trikky authentication question hi guys i have an authentication class , there is one last big issue to fix , i am trying to prevent multiple logins , it does this ok except , the first login gets kicked instead of the second one , i have a last_login date entry to work with , what else should i have so on the login check if the user is logged in , there is an issue using the logged in feature , ok u give it an interval of say 2 hours , this may prevent that person reloggin in for two hours right ?? :| , or say its a few minutes , i can log bak in after a few minutes and still kick the first login, what are my options -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
