User login check

What's the simplest way to prevent users login from 2 different computers at a time.
(The first login  will be closed when s/he logs from another computer)
LVL 1
myyisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
There is no simple answer.  Why are you trying to do this?  It doesn't make sense.  What if I want to visit your site from my iPhone and my iPad at the same time?  Why would you want to prevent me from doing that?
0
myyisAuthor Commented:
Ok the case is:
For security purpose the client wants this. He sometimes use others' computers and it is possible that he may forget to logout from that computer. So he wants a backup security at least when he logs in from his computer.
He says that MSN has a warning feature asking "another MSN is running in another computer, do you want to close that"
He wants something similar.
0
Ray PaseurCommented:
It's going to cause more trouble than it's going to prevent, but having said that, here is what you can do.  Set a cookie on the client browser with the indicator of a data base record.  The data base record will contain the IP address of the last known login, and the time of the login.  When the client logs out, the data base record is cleared. When an attempt is made to login, the data base is checked and if there is a record with a different IP address, you raise the error signal.  Then you update the data base record with the new IP address. Whenever the IP address changes in the request, you ask for the password again.  Conceptually this is very much like the way the ATM works -- you have to give your password for each transaction that causes money to change hands.  On the WWW, with a login script, this is a colossal pain in the ass.  But if that's what the client wants and she's paying for it, you've got to do it.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

myyisAuthor Commented:
Thank you. 2 questions.

1. Why I need to set a cookie?
2. How will the first computer will understand that the IP is changed in DB? Will I make a database check just before any action of the user?
0
Ray PaseurCommented:
There are many layers of knowledge necessary before you can "get" the answer here.  I will try to set the table for you.

HTTP client/server protocols dictate (at least in part) how the request/response system works.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html

The first computer does not "understand" anything.  All requests are atomic, complete and stateless.  The request that is received by the server will use the cookie data and the database to check the information stored on the server.  Once this is known, the server will formulate a response.  

This is not a simple question at all.  You might want to consider hiring a professional programmer to help with the work.  Maybe eLance or similar can help you find an experienced developer.  I wish it were easy, but the nature of the client/server systems makes it an (almost) unreasonable request.
0
tel2Commented:
Is the IP address always going to change from computer to computer, myyis?  If not, using IP address to detect the change of location won't work.  Maybe the browser's "fingerprint" (or whatever it's called) could be used:
    www.pcworld.com/article/188161/browserfingerprint.html
0
myyisAuthor Commented:
I found answers to my 2 questions here.

http://stackoverflow.com/questions/1727919/how-to-prevent-multiple-logins-in-php-website

Is there a catch?

Thank you.
0
Ray PaseurCommented:
I don't see a "catch" if you don't.  It seems to implement what I described here.  But it changes the expected behavior of the client/server relationship and eventually it will result in a pissed-off customer and a bunch of time-wasting activities in the tech support office.  Good luck with it, ~Ray
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
myyisAuthor Commented:
Thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.