Posted by frizzle on 10/26/80 11:39

alvonsius wrote:
> How about scenario like this ..
> If user A is login into the system, the database write the use log,
> userid, timestamp, blah blah ... and the when user B login with the
> same account the system automatically do the logout action for the user
> A and tell him what's happened (like "dude, some other user is logging
> with your same account") ... then we give the user chance to re-login
> and kick user B plus protect user A from kicking ...
>
> Humm ... my english is suck ... I can't give clear explanation ... but
> I hope you get the idea ...
>
> About cron, I think that wasn't bad idea ... user should know about the
> session expiration in the Term of Service. If they agree with that ...
> I think it is OK ... plus, we owned the site and what we do is simply
> to protect them, right ...

Why not prevent user B from logging in, and not kicking user A?
If i were user A, i wouldn't like being kicked for someone else's
"hacking" attempts.
That's not my problem ...

[Back to original message]