Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-17 Thread Lars Olsson

I agree. Using a database is usually a good way of storing session 
information. But as noted by Dennis below, automatic logout may require 
additional scripts running in the background. This is a bit inferior in 
PHP compared to ASP. In ASP, support for automatic session destruction 
is implemented by having a magic function (called Session_End) which 
will be called automagically by the web server whenever a session 
expires. Having this in PHP would be very nice too!

/lasso ([EMAIL PROTECTED])



Dennis Moore wrote:
 If you do not want to use cookes and use SID or trans SID; Another method is
 to track your logins via a database.   This can be resource intensive
 though.You need to update the database upon each click or have an empty
 window refresh every 1-5 minutes.  If there is no activity for 15 or 30
 minutes automatically log the person off in the database.  This requires a
 process to run in cron or a separate background program.  The advantage of
 this is that is very easy to add time based accounting to the session
 management system.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread Jay Blanchard

[snip]
Is there a standard method in PHP for preventing multiple people from using
the same log-in username/password simultaneously on a membership site? Any
suggestions are greatly appreciated.
[/snip]

One way is to set a non-expiring cookie, which works if they don't delete
cookies from time-to-time.

HTH!

Jay

Growing old is mandatory, growing up is optional

*
* Want to meet other PHP developers *
* in your area? Check out:  *
* http://php.meetup.com/*
* No developer is an island ... *
*



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread Kondwani Spike Mkandawire

create cookie and at the end of the Script/page destroy cookies
Use if statements:
setcookie('cookie', $value, $expire, $path
$domain);
 if(isset($cookie))
echo Access Denied, Multiple Login
Attempted!;
else
run the page/script


or

Stick an fetch I.P Stick it in String array,
if duplicate exist die...
else run script
Jay Blanchard [EMAIL PROTECTED] wrote in message
001401c22cf2$db192080$8102a8c0@niigziuo4ohhdt">news:001401c22cf2$db192080$8102a8c0@niigziuo4ohhdt...
 [snip]
 Is there a standard method in PHP for preventing multiple people from
using
 the same log-in username/password simultaneously on a membership site? Any
 suggestions are greatly appreciated.
 [/snip]

 One way is to set a non-expiring cookie, which works if they don't delete
 cookies from time-to-time.

 HTH!

 Jay

 Growing old is mandatory, growing up is optional

 *
 * Want to meet other PHP developers *
 * in your area? Check out:  *
 * http://php.meetup.com/*
 * No developer is an island ... *
 *





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread 1LT John W. Holmes

You'll have to assign each user a unique id each time they log on. If they
attempt to log on again, check and see if they already have a unique id and
if they do, don't let them log on again.

the problems you'll run into with this is, though, is that if someone
doesn't log out, they'll still have a session and will have to wait for your
cron job to clear it out... It goes back to the old question of how do you
know if someone is really online. what if they are viewing a page,
accidently close the browser, and then try to log in again. your script will
probably think it's someone else trying to log on...

Not sure if there is a truly effective way to do this...

---John Holmes...

- Original Message -
From: Monty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 1:57 PM
Subject: [PHP] Preventing Multiple Log-Ins after Authentication


 Is there a standard method in PHP for preventing multiple people from
using
 the same log-in username/password simultaneously on a membership site? Any
 suggestions are greatly appreciated.

 Thanks!

 Monty


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread Dennis Moore

If you do not want to use cookes and use SID or trans SID; Another method is
to track your logins via a database.   This can be resource intensive
though.You need to update the database upon each click or have an empty
window refresh every 1-5 minutes.  If there is no activity for 15 or 30
minutes automatically log the person off in the database.  This requires a
process to run in cron or a separate background program.  The advantage of
this is that is very easy to add time based accounting to the session
management system.


- Original Message -
From: Monty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 1:57 PM
Subject: [PHP] Preventing Multiple Log-Ins after Authentication


 Is there a standard method in PHP for preventing multiple people from
using
 the same log-in username/password simultaneously on a membership site? Any
 suggestions are greatly appreciated.

 Thanks!

 Monty


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread Dennis Moore

I forgot to mention that you can use Javascript to manage the open windows.
We the user closes the main window, you can direct the empty window to log
the user out and close its window as well.



- Original Message -
From: Dennis Moore [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Monty [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 3:22 PM
Subject: Re: [PHP] Preventing Multiple Log-Ins after Authentication


 If you do not want to use cookes and use SID or trans SID; Another method
is
 to track your logins via a database.   This can be resource intensive
 though.You need to update the database upon each click or have an
empty
 window refresh every 1-5 minutes.  If there is no activity for 15 or 30
 minutes automatically log the person off in the database.  This requires a
 process to run in cron or a separate background program.  The advantage of
 this is that is very easy to add time based accounting to the session
 management system.


 - Original Message -
 From: Monty [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, July 16, 2002 1:57 PM
 Subject: [PHP] Preventing Multiple Log-Ins after Authentication


  Is there a standard method in PHP for preventing multiple people from
 using
  the same log-in username/password simultaneously on a membership site?
Any
  suggestions are greatly appreciated.
 
  Thanks!
 
  Monty
 
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Preventing Multiple Log-Ins after Authentication

2002-07-16 Thread Analysis Solutions

On Tue, Jul 16, 2002 at 01:57:51PM -0400, Monty wrote:
 Is there a standard method in PHP for preventing multiple people from using
 the same log-in username/password simultaneously on a membership site? Any
 suggestions are greatly appreciated.

My session management system uses a database backend.  Each hit updates a
timestamp in the database, among other things.  If the time of the new hit
is too long since the last hit, it denies access.

Now, if a person logs in again and their User ID is in the session table, 
that means either their old session timed out or they're being hijacked.  
Either way, terminate the old session and move what they were doing into 
the new session.

THEN, if the person in the first session is still browsing, they'll get a 
message saying their session was terminated.  They'll be prompted for a 
login.  That successful login will terminate the second session.

--Dan

--
   PHP classes that make web design easier
SQL Solution  |   Layout Solution   |  Form Solution
sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php