Posted by Schraalhans Keukenmeester on 05/24/07 09:23
At Wed, 23 May 2007 23:57:34 -0700, carrion let his monkeys type:
> On May 22, 11:10 am, shankhar <shankha...@gmail.com> wrote:
>> Hi all,
>>
>> In my project there is a requirement. If a user has logged in, then
>> until he/she has logged out others are not allowed to log in using the
>> same user name. That is to avoid multiple logins using an account. How
>> to do this?
>>
>> I had got an idea and implemented it.
>>
>> 1. When a user logs in, storing the username, IP, login time to the DB.
>> 2. When a user logs in I'll check the table whether the username
>> exists in the table or not; if yes I'll not allow the user to log in,
>> else I'll allow them to log in.
>> 3. When he logs out I'll delete the record from the table. Then he/she
>> can log in again.
>>
>> But there is a problem in this: the user can close the browser directly
>> or right click in the taskbar and close it or by pressing Alt + F4. So
>> for this I have to catch the things in Javascript and trigger the
>> logout.
>>
>> Is it possible to catch the events in Javascript? If yes, please
>> provide me.
>>
>> Or is there any other method to restrict multiple logins using a single
>> account?
>>
>> Thanx in advance.
>>
>> Shankhar
>
> There's the DOM event document.onunload.
> Maybe you could use it to send an ajax request that terminates the
> session.
> But I don't really know how reliable this would be.
>
> Good luck
Only effective if the user closes the page && has Javascript enabled. Net
outage, app or PC crash, cable disconnect, etc etc. won't be handled
correctly. Just face the fact web apps have stateless user connections.
I haven't seen a failsafe mechanism yet. Nowhere. (Except those
using one-time key devices or keyculators) Simplest is (as suggested by
others) when (a) user logs in using a given set of credentials,
immediately close any open session matching them and inform about a new
login from another address and offer the option to have their password
reset and sent by mail. If they choose that option, block the other opened
session as well.
In case their creds were obtained without their approval, they ought
to be pleased to find out their account details were nicked and should be
changed immediately.
Sh.
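
The approach recommended in the reply above (a new login closes any older session for the same account and reports the address it came from), as an added example that is not part of the original thread. The class, table and column names are assumptions, and `login()` assumes the password check has already succeeded.

```python
import hashlib
import secrets
import sqlite3
import time

def _digest(token):
    # Store only a hash so a leaked table does not yield usable session tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class SingleSessionStore:
    """One row per username; a new login replaces the row (newest login wins)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE sessions (username TEXT PRIMARY KEY, "
                        "token_hash TEXT, ip TEXT, login_time REAL)")

    def login(self, username, ip):
        """Call after credentials are verified. Returns (token, displaced)."""
        token = secrets.token_urlsafe(32)
        row = self.db.execute(
            "SELECT ip, login_time FROM sessions WHERE username = ?", (username,)
        ).fetchone()
        with self.db:  # commits on success, rolls back on error
            self.db.execute(
                "INSERT OR REPLACE INTO sessions VALUES (?, ?, ?, ?)",
                (username, _digest(token), ip, time.time()),
            )
        displaced = {"ip": row[0], "login_time": row[1]} if row else None
        return token, displaced  # show `displaced` to the user as a warning

    def validate(self, username, token):
        """True only for the most recent login; older tokens stop working."""
        row = self.db.execute(
            "SELECT token_hash FROM sessions WHERE username = ?", (username,)
        ).fetchone()
        return row is not None and secrets.compare_digest(row[0], _digest(token))

    def logout(self, username, token):
        if self.validate(username, token):  # a displaced token cannot log out
            with self.db:
                self.db.execute("DELETE FROM sessions WHERE username = ?", (username,))

if __name__ == "__main__":
    s = SingleSessionStore()
    old, _ = s.login("alice", "192.0.2.10")  # constructed sample addresses
    new, displaced = s.login("alice", "198.51.100.7")
    print(s.validate("alice", old), s.validate("alice", new), displaced)
```

Because no logout event is needed to free the account, a closed browser or a crash leaves only a stale row that the next login overwrites.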