myyis
asked on
User login check
What's the simplest way to prevent users login from 2 different computers at a time.
(The first login will be closed when s/he logs from another computer)
(The first login will be closed when s/he logs from another computer)
Ray Paseur
There is no simple answer. Why are you trying to do this? It doesn't make sense. What if I want to visit your site from my iPhone and my iPad at the same time? Why would you want to prevent me from doing that?
ASKER
Ok the case is:
For security purpose the client wants this. He sometimes use others' computers and it is possible that he may forget to logout from that computer. So he wants a backup security at least when he logs in from his computer.
He says that MSN has a warning feature asking "another MSN is running in another computer, do you want to close that"
He wants something similar.
For security purpose the client wants this. He sometimes use others' computers and it is possible that he may forget to logout from that computer. So he wants a backup security at least when he logs in from his computer.
He says that MSN has a warning feature asking "another MSN is running in another computer, do you want to close that"
He wants something similar.
It's going to cause more trouble than it's going to prevent, but having said that, here is what you can do. Set a cookie on the client browser with the indicator of a data base record. The data base record will contain the IP address of the last known login, and the time of the login. When the client logs out, the data base record is cleared. When an attempt is made to login, the data base is checked and if there is a record with a different IP address, you raise the error signal. Then you update the data base record with the new IP address. Whenever the IP address changes in the request, you ask for the password again. Conceptually this is very much like the way the ATM works -- you have to give your password for each transaction that causes money to change hands. On the WWW, with a login script, this is a colossal pain in the ass. But if that's what the client wants and she's paying for it, you've got to do it.
ASKER
Thank you. 2 questions.
1. Why I need to set a cookie?
2. How will the first computer will understand that the IP is changed in DB? Will I make a database check just before any action of the user?
1. Why I need to set a cookie?
2. How will the first computer will understand that the IP is changed in DB? Will I make a database check just before any action of the user?
There are many layers of knowledge necessary before you can "get" the answer here. I will try to set the table for you.
HTTP client/server protocols dictate (at least in part) how the request/response system works.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html
The first computer does not "understand" anything. All requests are atomic, complete and stateless. The request that is received by the server will use the cookie data and the database to check the information stored on the server. Once this is known, the server will formulate a response.
This is not a simple question at all. You might want to consider hiring a professional programmer to help with the work. Maybe eLance or similar can help you find an experienced developer. I wish it were easy, but the nature of the client/server systems makes it an (almost) unreasonable request.
HTTP client/server protocols dictate (at least in part) how the request/response system works.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html
The first computer does not "understand" anything. All requests are atomic, complete and stateless. The request that is received by the server will use the cookie data and the database to check the information stored on the server. Once this is known, the server will formulate a response.
This is not a simple question at all. You might want to consider hiring a professional programmer to help with the work. Maybe eLance or similar can help you find an experienced developer. I wish it were easy, but the nature of the client/server systems makes it an (almost) unreasonable request.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found answers to my 2 questions here.
http://stackoverflow.com/questions/1727919/how-to-prevent-multiple-logins-in-php-website
Is there a catch?
Thank you.
http://stackoverflow.com/questions/1727919/how-to-prevent-multiple-logins-in-php-website
Is there a catch?
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you