I have a website running on my local network. There is a login form which validates the user from database table and redirects to main page.When the user is found the username is set to a session variable Eg. $_SESSION['login_user'] = $loginuser . On logout the session is destroyed with session_destroy();
Works but, suppose I have logged in with user A and I use the same login on another computer on network, It will still login the user even if another pc is logged in with it.
Basically I don’t want multiple logins of a single user from different machines on the website.
That’s a very simple login concept which you will need to re-work in order to achieve what you want.
You will need to use a database to keep track of who is logged in (which may include IP, browsers user agent, date & time, whatever…). Ever time the logged in user accesses a page, you can them re-authenticate them using the data in the database. This will give you the control to be able to “log out” a user as and when you need to. Therefore when the same user logs in from another machine, you can terminate the original session.
Does that make sense?
With my site that that I’m working on I store the sessions in a database table, one of the fields in that table is for the ID number of a user (set for 0 when a sessions is a user that isn’t logged in). When someone logs in I update the user ID field for that session with the user ID for that user (will set it to also regenerate the session ID at that point for the live site). You could use a similar set-up but have an extra query delete all sessions for the user that don’t have that user’s current session ID (on the browser and computer combination that they’ve just logged in on).
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.