• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330
  • Last Modified:

php user login

How to prevent more than 1 person using the same user account to login?

(Especially when s/he not logs out but just closes the window)

Thank you
2 Solutions
If you are using PHP's built in sessions feature. You can get the Session's ID using $session_id = session_id();

When a user logs in you could take the session id that it generates and store it into a database under that user's account. Then on each page check to see if the current Session ID matches the one stored in the database for that user (If not, kill the current session and redirect them to a sign in page).

The session id will be different on each device they login using.

Does that make sense?
tyuretAuthor Commented:
It makes sense but I don't prefer to make a database query for every page. Is there another alternative?
You're going to need to make a record of it somewhere.  In a database, or in a file, it really doesn't matter.  But once the script ends at the end of the request, everything in memory is gone.  Even session information is written to disk.

A properly indexed sessions table isn't going to that big of a performance hit, but a hit none the less.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now