Posted by d on 09/23/99 11:39

"frizzle" <phpfrizzle@gmail.com> wrote in message
news:1139485680.126735.273630@z14g2000cwz.googlegroups.com...
> alvonsius wrote:
>> How about scenario like this ..
>> If user A is login into the system, the database write the use log,
>> userid, timestamp, blah blah ... and the when user B login with the
>> same account the system automatically do the logout action for the user
>> A and tell him what's happened (like "dude, some other user is logging
>> with your same account") ... then we give the user chance to re-login
>> and kick user B plus protect user A from kicking ...
>>
>> Humm ... my english is suck ... I can't give clear explanation ... but
>> I hope you get the idea ...
>>
>> About cron, I think that wasn't bad idea ... user should know about the
>> session expiration in the Term of Service. If they agree with that ...
>> I think it is OK ... plus, we owned the site and what we do is simply
>> to protect them, right ...
>
> Why not prevent user B from logging in, and not kicking user A?
> If i were user A, i wouldn't like being kicked for someone else's
> "hacking" attempts.
> That's not my problem ...

Exactly - give the user a way to contact the site admin if they believe the
locking-out is incorrect. That way it can be sorted without a
logging-in-war :)

dave

[Back to original message]