Reputation: 6167
Allow one session only at a time
I would like to make my website to allow only one session at a time. For example, let say user has login to my website on firefox, if the user login again to another browser like opera on the same computer or different computer, the session on firefox will be destroyed. However, the session on firefox remained if it remains as one session. May I know how can I do that? I am using php and apache. Thank you.
Regards. Benjamin
Upvotes: 9
Views: 18873
Answers (6)
Reputation: 11
Store session id in the database. retrieve last login session id from db, set session id using session_id(oldid) and change session variables related to authentication like $_SESSION['LOGIN']
and destroy the session and create new session with new session id. follow example for logic https://www.php.net/manual/en/function.session-create-id.php.
this will make the last login allowed. validate on each page session variables related authentication. this makes it session invalid because of this session_id reset by a new login.
Upvotes: 1
Reputation: 2557
I'll suggest you to do something like this:
Suppose when user "A" loges in to the "Com_1", for the first time. Save a unique code in the database against that session, and same with the user session.
At the mean time if he (user "A") loges in again on "com_2", then check his status in the database and update the unique code in the database.
again back if same user (user "A") refreshes the page on "com_1", we all you need to do is check the unique code from the session and match it to the database, It is for sure it will not match, then log it out and destroy the session.
For keeping the user loggedin, even if browser is closed, you can store the cookie on the browser, and re-generate the session accoordingly.
Hope this helps. Thank you.
Upvotes: 12
Reputation: 8459
I think you'd have to do something like that :
- add a "last_session_id" column to your user table
- when a user logs in, update its last_session_id field with its current session id
- on each page, if the user has an authenticated session, check if the session id is equal to the one recorded in your database. If not, destroy this session.
Upvotes: 3
Reputation: 449603
Keep a central database table or text file of who is logged in at the moment. If a user is already logged in in another session, invalidate that session by setting the "logged in" flag to false.
Upvotes: 3
Reputation: 14365
Save users' IP=>SESSION_ID pairs in a database. When user try to load your page you must compare the actual IP=>SESSION_ID pair then allow/deny if the pair is ok/different.
Upvotes: 0
Reputation: 11497
You can use the following algorithm
- create an integer field in the databse userLoggedInCount
- On each login increment that flag and store the result in the session.
- On each request check the value in the database and the one in the session, and if the one in the session is less than the one in the DB,
invalidate()the session and decrement the value in the database - whenever a session is destroyed decrement the value as well
Credits to Bozho because he posted this, answering to a question here
Upvotes: 5
Related Questions
- Limit User to One session
- Laravel: Only allowing one session per user at a time
- Prevent more than one session from overwriting each other on the same website in PHP
- Multiple PHP Sessions
- Restrict access to page with PHP
- restrict users with sessions
- Server allowing only one request per session
- Restricting sessions to only 1 instance of a user login
- How to keep two sessions at a time for a single page?
- How to prevent a session