Avoid Multiple Login

vincmeister · 08-23-2017, 09:33 PM

Hello,

How to avoid user multiple login at same time from many browser?
Thank you

**mudmin** · 08-24-2017, 09:57 AM

We've talked about this. I'm not really sure how to prevent it. I have a few ideas. I'll will give it a shot and see what I can come up with.

vincmeister · 08-24-2017, 10:51 AM

Great. Can't wait to hear the update
Lot of thanks

karsen · 08-24-2017, 05:47 PM

If you record a user's session in the database on login, each time a user loads a page from any location you can check if the current session matches the one in the database. Since each login from other browsers or devices will create a new session ID each time, the most recent login will be the one recorded in the database and all other logins will basically be expired. In your check, if the sessions don't match you can log them out and redirect them to login (perhaps with a message that they have since logged in elsewhere).

**mudmin** · 08-24-2017, 10:45 PM

I can give you some code to test off the top of your head that shouldn't break anything. Go into your users table and add a column called session (varchar 255).

Go to usersc/scripts/just_after_login.php and put this...

Code:
$session = Token::generate();

Code:
session_id($session);

Code:
$db->update('users',$user->data()->id,['session'=>$session]);

Then in usersc/includes/head_tags.php put

Code:
if($users->data()->session != $_SESSION['token']){

Code:
Redirect::to('http://mydomain.com/users/logout.php');

Code:
}

Give that a whirl and see what happens.

Login




Remember me Lost Password?