
Prevent the same user ID from logging in at different places at the same time

I want to prevent the same user ID from logging in at different places at the same time. How do I achieve this? Besides using a database, what other solutions can be used?
Asked by: greenbean
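Cyril_H Commented:
If you're using session variables, you can store the UserID in one of them, and when the user logs in, just check for the existence of the session variable.

<!--- Check whether a session variable named after this user ID already exists --->
<CFIF IsDefined("Session.#UserID#")>
   User already logged in.
<CFELSE>
   <!--- The name is quoted so the dynamic variable name is built before assignment --->
   <CFSET "Session.#UserID#" = "whatever">
</CFIF>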


0
 
manonng Commented:
Hi,

You can check against a table which holds all the current user IDs at the login page.

manon
0
 
cheekycj Commented:
IMHO, a session check is better b/c if you flag a user in the DB as logged in, how do you update that when the session expires and the user never clicks logout (just closes the browser)?

CJ
0
 
webdiva69 Commented:
I agree, just set a session variable.
0
 
greenbean (Author) Commented:
My 2 cents: by using a DB, I keep track of the user's last login time in a track table. The entry is created when the user logs in, and if, let's say, the user did properly log out, the entry will be deleted; otherwise the entry remains in the table.

What the system actually does: upon a user login, the system will check the user's current login time against the table entry (if any). If the current login time > (last login time + 30 mins), the login is valid; otherwise it is invalid.

So, if the user did not log out properly, he/she will not be able to log in again until, let's say, 30 mins later (which is equivalent to a session timeout period, probably).

The problem with this solution is that users very often forget to log out properly, so they will probably be denied access very often.

Anyway, I'll try out the session method and let you know the results!
0
 
cheekycj Commented:
greenbean: Your solution is a good one and has been discussed as an alternative to the session one quite frequently. The only con, as you said, is that if the user doesn't log out properly, they could be denied access upon next logon.

The key here is that upon every page access you must update a last-accessed flag in the DB, and your DB process that cleans out logged-in users must check that flag and clean out those users at the same time their regular session timeout would happen... which means this process must run frequently, and the updates will be quite frequent too. You start to depend too heavily on the DB, which to begin with is the bottleneck for most web sites when it comes to scalability.

CJ
0
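An added example, not code from any poster in this thread: the last-access check greenbean and cheekycj describe above, written in Python rather than ColdFusion and kept in memory instead of a DB table. `LoginRegistry` and its method names are hypothetical, and it assumes the registry lives in storage shared by all requests (application-wide, not per-browser); the caller passes `now` in seconds.

```python
import secrets
import threading

IDLE_TIMEOUT = 30 * 60  # seconds; the 30-minute window used in the thread


class LoginRegistry:
    """One active session per user ID; stale entries expire by idle time."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._active = {}  # user_id -> (session_token, last_access)
        self._lock = threading.Lock()  # check-and-set must be atomic

    def _live(self, user_id, now):
        entry = self._active.get(user_id)
        if entry and now - entry[1] <= self.idle_timeout:
            return entry
        self._active.pop(user_id, None)  # stale or absent: clean up lazily
        return None

    def login(self, user_id, now):
        """Return a new session token, or None if the user is active elsewhere."""
        with self._lock:
            if self._live(user_id, now):
                return None
            token = secrets.token_urlsafe(32)
            self._active[user_id] = (token, now)
            return token

    def touch(self, user_id, token, now):
        """Call on every page access; False means this session is not valid."""
        with self._lock:
            entry = self._live(user_id, now)
            if not entry or not secrets.compare_digest(entry[0], token):
                return False
            self._active[user_id] = (token, now)  # refresh last-access time
            return True

    def logout(self, user_id, token):
        """Proper logout: only the holder of the current token frees the slot."""
        with self._lock:
            entry = self._active.get(user_id)
            if entry and secrets.compare_digest(entry[0], token):
                del self._active[user_id]
```

Because stale entries are dropped lazily inside `login` and `touch`, no separate cleanup job is needed, and a user who closed the browser is locked out only until the idle timeout passes.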
 
greenbean (Author) Commented:
OK, in this case, session would be a better solution. But, at the same time, how do I prevent improper logout without the use of a DB?
0
 
cheekycj Commented:
What do you mean by "prevent improper logout"? Won't session expiry take care of that?
0
 
anandkp Commented:
Hi there,

In case you are not using sessions, then maybe you could try this!

1. As soon as a user logs in, update a field in the table as "loggedin = 'Y'".

2. Now if the same user tries to log in from anywhere, just check [if loggedin = 'Y'] before allowing the user to log in.

If it's equal to 'Y', then throw him out; else log him in.

Simple!

K'Rgds
Anand
0
 
mrichmon Commented:
No comment has been added lately, so it's time to clean up this question.
I will leave the following recommendation in the Cleanup topic area:

Accept cheekycj

Please leave any comments here within the next four days.

mrichmon
EE Cleanup Volunteer
0
