Posted by Jerry Stuckle on 07/11/58 11:39
alvonsius wrote:
> How about a scenario like this ...
> If user A is logged into the system, the database writes the use log,
> userid, timestamp, blah blah ... and then when user B logs in with the
> same account the system automatically does the logout action for user
> A and tells him what's happened (like "dude, some other user is logging
> in with your same account") ... then we give the user a chance to re-login
> and kick user B plus protect user A from kicking ...
>
> Humm ... my English sucks ... I can't give a clear explanation ... but
> I hope you get the idea ...
>
> About cron, I think that wasn't a bad idea ... users should know about the
> session expiration in the Terms of Service. If they agree with that ...
> I think it is OK ... plus, we own the site and what we do is simply
> to protect them, right ...
>
Actually, I like this way a lot better than refusing to log user B in.
One of the distributors I use for another business does something
similar. If I log in from a second computer (or a different browser),
it logs the first session off. Simple and painless. I can't have two
sessions going at the same time, and I'm not restricted for a period of
time because I didn't log off previously.

I can see another advantage to this, also. You can't stop User "A" from
giving his password to User "B". However, if "B" knocks "A" off enough
times, "A" will change his PW and not give it to "B".

As for being logged off due to a hack - well, if you use any reasonable
password, most likely that won't happen. Remember - it's a successful
login which logs the person off - an unsuccessful login won't do it.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
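
The scheme discussed in this thread, sketched as an added example that is not code from either poster: a successful login displaces the account's previous session, a failed login leaves it alone, and the displaced session can be told what happened on its next request. The table layout, the function names (`add_user`, `login`, `check`) and the in-memory SQLite store are assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3, time

# Hypothetical schema; an in-memory database keeps the example self-contained.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users(userid TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
CREATE TABLE sessions(token TEXT PRIMARY KEY, userid TEXT, started REAL,
                      displaced_at REAL);  -- NULL while the session is live
""")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(userid, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?,?,?)",
               (userid, salt, _hash(password, salt)))

def login(userid, password):
    """Return a new session token, or None if the credentials are wrong."""
    # Unknown users fall through to a dummy record so a hash is always computed.
    salt, pwhash = db.execute("SELECT salt, pwhash FROM users WHERE userid=?",
                              (userid,)).fetchone() or (b"\0" * 16, b"")
    if not hmac.compare_digest(pwhash, _hash(password, salt)):
        return None  # failed login: the existing session is left untouched
    now, token = time.time(), secrets.token_urlsafe(32)
    with db:  # one transaction: displace the old session, create the new one
        db.execute("UPDATE sessions SET displaced_at=? "
                   "WHERE userid=? AND displaced_at IS NULL", (now, userid))
        db.execute("INSERT INTO sessions VALUES (?,?,?,NULL)",
                   (token, userid, now))
    return token

def check(token):
    """Classify a token on each request: 'active', 'displaced' or 'unknown'."""
    row = db.execute("SELECT displaced_at FROM sessions WHERE token=?",
                     (token,)).fetchone()
    if row is None:
        return "unknown"
    # 'displaced' lets the site show the "someone else logged in" notice.
    return "active" if row[0] is None else "displaced"
```

Displaced rows are kept only so the notice can be shown; a periodic job can purge them once they are older than the site's session lifetime.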