Posted by Jim Michaels on 02/12/06 10:51

"Gleep" <Gleep@Gleep.com> wrote in message
news:9vqlu118f85v2forkaavanehm2irhc862k@4ax.com...
> I've searched google intensely on this topic and it seems noone really
> knows how to approch this.
>
> The goal I don't want clients to give out their usernames and passwords to
> friends, since the site
> relies on subscrption fees.
>
> Sessions ID's are matched between the browser and the server. So a users
> can login with same
> username and password and those sessions are tracked individually.
>
> Some suggest create table fields with the session ID and a time stamp.
> However my clients can spend
> alot of time on a page and I don't want to force them to re-login, would
> be annoying.
>
> On the other hand, some clients do not logout properly and sessions open
> active and/or a script that
> runs the timestamp does not clear that field. Then the next they login the
> stamp reads that they are
> active and will not allow them to login.
>
> I'm an experienced PHP programmer yet this task has got me going in
> circles. Everytime I think I
> have a method worked out - there is a reason why it won't.
>
> The approach I'm considering now is to grab and loop all the server
> sessions username values - then
> compare those values to a flaged "logged-in" field from the user table.
> That way if a flag is
> negative I will allow the user to login in and create a session and flag
> that field. If a session
> does not exist then the flag is cleared. I would run the cron 10 minute
> intervals. If I find 2
> sessions with same username I unset both - then fire off an email to the
> client reminding them
> multiple logins are a bad thing
>
> Does this sound right? Anyone else have a better idea?
>

one idea is to get the IP address of the browser. that can help some in
loggin the attempt. but pyou're probably going to have to attach the login
attempt info along with the login info table. things like maybe IP address,
timestamp of successful login. update the timestamp upon every use of a
page. (timestamp is suggestion from an earlier post)

problem. you can have multiple browsers open on the same desktop. one IP
address. multiple logins. opening another browser (one with session, one
without) could cause a ruckus with your code if you don't handle it, but it
could be an indicator of a new browser and how to handle it is up to you)


drawback to using IP address: dialup users get disconnected a lot and have
to change addresses.
IP addresses behind a proxy/firewall on some ISPs will appear to be the same
for all of their users.

[Back to original message]