Re: [PHP] Preventing Multiple Log-Ins after Authentication
I agree. Using a database is usually a good way of storing session information. But as noted by Dennis below, automatic logout may require additional scripts running in the background. This is a bit inferior in PHP compared to ASP. In ASP, support for automatic session destruction is implemented by having a magic function (called Session_End) which will be called automagically by the web server whenever a session expires. Having this in PHP would be very nice too! /lasso ([EMAIL PROTECTED]) Dennis Moore wrote: If you do not want to use cookes and use SID or trans SID; Another method is to track your logins via a database. This can be resource intensive though.You need to update the database upon each click or have an empty window refresh every 1-5 minutes. If there is no activity for 15 or 30 minutes automatically log the person off in the database. This requires a process to run in cron or a separate background program. The advantage of this is that is very easy to add time based accounting to the session management system. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Preventing Multiple Log-Ins after Authentication
[snip] Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. [/snip] One way is to set a non-expiring cookie, which works if they don't delete cookies from time-to-time. HTH! Jay Growing old is mandatory, growing up is optional * * Want to meet other PHP developers * * in your area? Check out: * * http://php.meetup.com/* * No developer is an island ... * * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing Multiple Log-Ins after Authentication
create cookie and at the end of the Script/page destroy cookies Use if statements: setcookie('cookie', $value, $expire, $path $domain); if(isset($cookie)) echo Access Denied, Multiple Login Attempted!; else run the page/script or Stick an fetch I.P Stick it in String array, if duplicate exist die... else run script Jay Blanchard [EMAIL PROTECTED] wrote in message 001401c22cf2$db192080$8102a8c0@niigziuo4ohhdt">news:001401c22cf2$db192080$8102a8c0@niigziuo4ohhdt... [snip] Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. [/snip] One way is to set a non-expiring cookie, which works if they don't delete cookies from time-to-time. HTH! Jay Growing old is mandatory, growing up is optional * * Want to meet other PHP developers * * in your area? Check out: * * http://php.meetup.com/* * No developer is an island ... * * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing Multiple Log-Ins after Authentication
You'll have to assign each user a unique id each time they log on. If they attempt to log on again, check and see if they already have a unique id and if they do, don't let them log on again. the problems you'll run into with this is, though, is that if someone doesn't log out, they'll still have a session and will have to wait for your cron job to clear it out... It goes back to the old question of how do you know if someone is really online. what if they are viewing a page, accidently close the browser, and then try to log in again. your script will probably think it's someone else trying to log on... Not sure if there is a truly effective way to do this... ---John Holmes... - Original Message - From: Monty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 1:57 PM Subject: [PHP] Preventing Multiple Log-Ins after Authentication Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing Multiple Log-Ins after Authentication
If you do not want to use cookes and use SID or trans SID; Another method is to track your logins via a database. This can be resource intensive though.You need to update the database upon each click or have an empty window refresh every 1-5 minutes. If there is no activity for 15 or 30 minutes automatically log the person off in the database. This requires a process to run in cron or a separate background program. The advantage of this is that is very easy to add time based accounting to the session management system. - Original Message - From: Monty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 1:57 PM Subject: [PHP] Preventing Multiple Log-Ins after Authentication Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing Multiple Log-Ins after Authentication
I forgot to mention that you can use Javascript to manage the open windows. We the user closes the main window, you can direct the empty window to log the user out and close its window as well. - Original Message - From: Dennis Moore [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Monty [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 3:22 PM Subject: Re: [PHP] Preventing Multiple Log-Ins after Authentication If you do not want to use cookes and use SID or trans SID; Another method is to track your logins via a database. This can be resource intensive though.You need to update the database upon each click or have an empty window refresh every 1-5 minutes. If there is no activity for 15 or 30 minutes automatically log the person off in the database. This requires a process to run in cron or a separate background program. The advantage of this is that is very easy to add time based accounting to the session management system. - Original Message - From: Monty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 1:57 PM Subject: [PHP] Preventing Multiple Log-Ins after Authentication Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. Thanks! Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Preventing Multiple Log-Ins after Authentication
On Tue, Jul 16, 2002 at 01:57:51PM -0400, Monty wrote: Is there a standard method in PHP for preventing multiple people from using the same log-in username/password simultaneously on a membership site? Any suggestions are greatly appreciated. My session management system uses a database backend. Each hit updates a timestamp in the database, among other things. If the time of the new hit is too long since the last hit, it denies access. Now, if a person logs in again and their User ID is in the session table, that means either their old session timed out or they're being hijacked. Either way, terminate the old session and move what they were doing into the new session. THEN, if the person in the first session is still browsing, they'll get a message saying their session was terminated. They'll be prompted for a login. That successful login will terminate the second session. --Dan -- PHP classes that make web design easier SQL Solution | Layout Solution | Form Solution sqlsolution.info | layoutsolution.info | formsolution.info T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php