Posted by Gleep on 07/11/18 11:39
I've searched Google intensely on this topic and it seems no one really knows how to approach this.
The goal: I don't want clients to give out their usernames and passwords to friends, since the site
relies on subscription fees.
Session IDs are matched between the browser and the server. So users can log in with the same
username and password and those sessions are tracked individually.
Some suggest creating table fields with the session ID and a timestamp. However, my clients can spend
a lot of time on a page and I don't want to force them to re-login, which would be annoying.
On the other hand, some clients do not log out properly and sessions are left open and active and/or a
script that runs the timestamp does not clear that field. Then the next time they log in the stamp
reads that they are active and will not allow them to log in.
I'm an experienced PHP programmer yet this task has got me going in circles. Every time I think I
have a method worked out - there is a reason why it won't.
The approach I'm considering now is to grab and loop all the server sessions' username values - then
compare those values to a flagged "logged-in" field from the user table. That way if a flag is
negative I will allow the user to log in and create a session and flag that field. If a session
does not exist then the flag is cleared. I would run the cron at 10 minute intervals. If I find 2
sessions with the same username I unset both - then fire off an email to the client reminding them
multiple logins are a bad thing.
Does this sound right? Anyone else have a better idea?
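Added example, not part of the original post and not the poster's code: one way to allow a single active login per account without the stale-flag lockout described above is to store the most recent session ID on the user row and check it on every request, so a new login displaces the old one and an abandoned session needs no cron cleanup. The table, column and function names and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Constructed stand-in for the site's user table (names are assumptions).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, active_sid TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')"); // constructed sample user

// After the password check succeeds: bind the account to this session only.
// On a live site $sid would be session_id() taken after session_regenerate_id(true).
function registerLogin(PDO $db, string $username, string $sid): void
{
    $stmt = $db->prepare('UPDATE users SET active_sid = ? WHERE username = ?');
    $stmt->execute([$sid, $username]);
}

// On every protected page: the session counts only while it is the bound one.
// No timestamp is involved, so a long stay on one page never forces a re-login.
function sessionIsCurrent(PDO $db, string $username, string $sid): bool
{
    $stmt = $db->prepare('SELECT active_sid FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $active = $stmt->fetchColumn(); // false if no such user, null if logged out
    return is_string($active) && hash_equals($active, $sid);
}

// On explicit logout: clear the binding only if this session still owns it,
// so a displaced browser cannot log out the session that replaced it.
function registerLogout(PDO $db, string $username, string $sid): void
{
    $stmt = $db->prepare(
        'UPDATE users SET active_sid = NULL WHERE username = ? AND active_sid = ?'
    );
    $stmt->execute([$username, $sid]);
}

// Constructed walk-through: two browsers using the same credentials.
$browserA = bin2hex(random_bytes(16));
$browserB = bin2hex(random_bytes(16));
registerLogin($db, 'alice', $browserA);
$aBefore = sessionIsCurrent($db, 'alice', $browserA); // A is the bound session
registerLogin($db, 'alice', $browserB);               // B logs in, displacing A
$aAfter = sessionIsCurrent($db, 'alice', $browserA);  // A must now re-authenticate
registerLogout($db, 'alice', $browserA);              // stale logout changes nothing
$bAfter = sessionIsCurrent($db, 'alice', $browserB);  // B is unaffected
var_dump($aBefore, $aAfter, $bAfter);
```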