Bob McConnell wrote:
Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions.
Isn't it simple to associate a single session ID with a username? User logs in, place username and session ID in active users table and invalidate any others for same user. When user accesses page check session ID against entry in active users table. Richard Quadling has it right. This is not complicated, but it sounds like people are making it so. The user identified themselves via login.
Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php