Reputation: 147
I created a login for my site. After a user logs in, I store the user ID and an action (=Logged in) in a database and $_SESSION['loggedin']==TRUE. (On logout, the action in the DB will be Logged out and the session will be destroyed.) If somebody wants to log in again with the same username from a second computer, I will not allow it, because the last row in the database is 'Logged in' and of course the user ID will be the same too. So I do not want to allow multiple connections from one username. Now here I want to put a link: "Disconnect the other connection".
For example: I logged in at school but forgot to log out, then I try to log in at home but it will fail because I am logged in (session is alive) at another place, so if I click the "Disconnect the other connection" link I want to delete the session value at the school (changing the action value in the DB is not enough, because if I change it to Logged out the session is still alive and multiple connections will be available).
How can I prevent multiple connections from one username?
Upvotes: 0
Views: 520
Reputation: 46
Sounds like what you'd need to do is save something to identify individual connections, like say a number that you make go up by one every time the account logs in.
For example, say you log in with a user with the ID one; it's the fifth time you log in, so you save this to the DB: UserID=1, State="Logged In", ConnectionID=5. To the session you save: $_SESSION['loggedin']=TRUE and $_SESSION['ConnectionID']=5.
When you log in the next time, you check if there is a connection for that account that hasn't been logged out. If that is the case, you either update the existing row to set the state to logged out or, if you want to log times, create a new entry with the state as logged out (UserID=1, State="Logged Out", ConnectionID=5), and of course you also insert a row for your new connection, connection 6.
After that, all you need is to have code on your site that runs, possibly, every time a page loads, where you check if there are any rows in the database that have the same ConnectionID as you have saved in the $_SESSION and if they have an action set as logged out. If that is the case, you destroy the session, which will log the previous connection out.
Hopefully this gives you a good idea of how you could possibly do this. I'm sure there are other options as well.
If you only care about an account being logged in from one place and you aren't interested in logging when they logged in or out, you can just save the UserID and ConnectionID to the database and then check if the ConnectionID in the database is the same as the one in the session; if not, you kill the session.
Upvotes: 1
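The simplified scheme from the answer above (store UserID and ConnectionID, compare them on every page load), as an added example that is not part of the original answer. The table name active_login, the function names and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions, and two plain arrays stand in for $_SESSION on the two computers.

```php
<?php
declare(strict_types=1);

// Assumed schema (hypothetical names): one row per user holding the
// ConnectionID of the only login that is currently allowed.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE active_login (user_id INTEGER PRIMARY KEY, connection_id INTEGER NOT NULL)');
    return $db;
}

// Call after the password check succeeds. Bumps the user's ConnectionID,
// which implicitly disconnects whichever session held the old value.
function login(PDO $db, array &$session, int $userId): void {
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT connection_id FROM active_login WHERE user_id = ?');
    $stmt->execute([$userId]);
    $next = (int) $stmt->fetchColumn() + 1;   // no row yet: false -> 0, so first login is 1
    $db->prepare('REPLACE INTO active_login (user_id, connection_id) VALUES (?, ?)')
       ->execute([$userId, $next]);
    $db->commit();
    $session = ['loggedin' => true, 'user_id' => $userId, 'ConnectionID' => $next];
}

// Call at the top of every protected page. Returns false and clears the
// session when a newer login has replaced this one.
function still_current(PDO $db, array &$session): bool {
    if (empty($session['loggedin'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT connection_id FROM active_login WHERE user_id = ?');
    $stmt->execute([$session['user_id']]);
    if ((int) $stmt->fetchColumn() === $session['ConnectionID']) {
        return true;
    }
    $session = [];   // with real sessions: session_unset(); session_destroy();
    return false;
}

// Constructed demo: log in at school, then at home, then re-check both.
$db = make_db();
$school = []; $home = [];
login($db, $school, 1);
var_dump(still_current($db, $school));  // school is the only login so far
login($db, $home, 1);
var_dump(still_current($db, $school));  // school session after the home login
var_dump(still_current($db, $home));    // home session
```

With real sessions, pass $_SESSION to both functions and call session_regenerate_id(true) right after a successful login.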
Reputation: 360732
The only not-so-reliable method is to check IP addresses, and this fails badly when the user is behind a NAT gateway (e.g. cellular data connection, home router, etc.). Your best bet is to simply delete any existing session if a user goes through the login sequence again with a previously open session going. Something along the lines of
login.php:
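<?php
// Verify the submitted credentials first.
check_password_stuff();
// If this user already has an open session, remove it before creating the new one.
if (user_is_already_logged_in()) {
    delete_login();
}
do_login_stuff();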
Upvotes: 0