Jeremy Johnstone wrote:
Here is a possible solution, but I don't know if it will work for your purposes:
When a user logs in to your site, as part of the session store a random
string (say a logincheck). Also insert this value into the database on
the same row as the username/password is stored. Then on every page load
check and make sure that "logincheck" string is valid. If someone tries
to login again, the new "logincheck" will be stored in the database, and
thus will make the first session invalid.
The only drawback to this approach is that it logs out the first user, and doesn't notify the second user they shouldn't be logging in twice. It still does the job of allowing only one login per user quite effectively though.
Jeremy
On Tue, 2003-09-23 at 17:38, Ney André de Mello Zunino wrote:
Hello.
Is there any facility in PHP's session management library which allows one to have a full view of the active sessions? In other words, is it possible to check the existance and value of a given session variable in any of the active sessions?
My goal is to make sure a user's access information is not used more than once to log into the system. So, when a user submits the authentication data, I would like to see if that login has already been used, i.e., there is a session variable in some session storing the login name and which contains the same value.
At present, I can't think of another way of doing it other than directly accessing the session files on /tmp (assuming session data is being stored in files). But I don't like that idea quite so much. A cleaner solution which I have also considered is to have a column in the users table which indicates his login state. Before I go for the latter approach, I would just like to learn from you whether what I asked is possible.
Thanks in advance,
--
Ney André de Mello Zunino
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
