Posted by Tim Van Wassenhove on 12/04/06 18:45

gehegeradeaus@gmail.com schreef:
> Is there a way to prevent one user-account from logging in twice on the
> same system when using sessions?
>
> I also put the session of a user in a mysql database :
>
> CREATE TABLE `login_sessions` (
> `login_id` int(10) unsigned NOT NULL auto_increment,
> `login_session_id` varchar(32) NOT NULL default '',
> `login_user_id` int(10) unsigned NOT NULL default '0',
> `login_date` int(14) unsigned NOT NULL default '0',
> PRIMARY KEY (`login_id`)
> ) ENGINE=MyISAM AUTO_INCREMENT=154 DEFAULT CHARSET=utf8
> AUTO_INCREMENT=154 ;
>
> I can check whether the user_id is already in the database, but what if
> the user doesn't log out properly?

- Add a 'loginnumber' column to each user.
- Every time the user logs in you increment the loginnumber by one and
store it in the users session
- On every page request you verify if the loginnumber in the session is
still the persisted one

-> advantage: the previous 'loginnumber' will expire as soon as the user
logs in again. No need to think about expiring older sessions...

-> disadvantage: you have to verify the loginnumber on each page request
(but if you're going to keep track of the 'last requested' page you have
to do this too...)


--
Tim Van Wassenhove <url:http://www.timvw.be/>

[Back to original message]