We help IT Professionals succeed at work.

how can I forbid a user from connecting with the same account on another computer.

Soumaya Hachem
on
150 Views
Last Modified: 2017-05-14
If the user is connected to the site by a pc, forbid to connect to the same account on another pc
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2010

Commented:
You would need to store the IP address of the computer.  When a user authenticates to their account, check the IP address you have stored and restrict access if it does not match.

Note:  it's possible for more than one computer to have the same IP address if your site is external to that network.  Your site only sees the external IP address of the computers.
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
@zephyr_hex
I agree with you but the user must have a static IP  to work your solution. An another proposal is to set a cookie into client browser. So when he connect in his account you can have a cookie validation code to check the client side. But if the user erase the cookie or the cookie expires then his has problem.
Or you can combine IP and cookie validation to do your work.
Dave BaldwinFixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
I'm wondering why this is a problem.  I can connect to my Facebook and Experts Exchange accounts from as many computers as I want.
Most Valuable Expert 2011
Author of the Year 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
When the user is logged on to a computer I do not want it to connect to another computer it can connect to a phone or tablet but it can not connect with the same account on a computer at the same time

Author

Commented:
how can i make sure a user can only be logged in on one computer at a time?  Is there anything built into wordpress that prevents a user from being logged in more than once?
Most Valuable Expert 2011
Author of the Year 2014

Commented:
Please read the article.  There is no such thing as a "user who is logged in."  All your server sees are requests* and all your server can do is make responses*
https://www.experts-exchange.com/articles/11271/Understanding-Client-Server-Protocols-and-Web-Applications.html

Maybe if you can tell us what you're trying to create or prevent we can offer some suggestions, but the idea that you can keep a client from using two different computers (but not different phone/tablets) is just unheard of.

* These are terms of art in the HTTP client/server world. The terms are explained in the article.

Author

Commented:
You do not always understand me gives you answers that do not make sense

Author

Commented:
I need a way to prevent a user from logging in on multiple computers at the same time.

Currently, when the user logs in, I store the userID in a session variable. At the same time I would like to delete all other sessions with the same userID. Is that possible?
CERTIFIED EXPERT
Top Expert 2010

Commented:
Ray's answer makes perfect sense.

The answer is No.  You can't and shouldn't do this.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
But why in the world would you want to do this?  If you can tell us the reason for wanting this, we may be able to suggest a reasonable design pattern.  We don't need any technical explanation, just a plain language statement like, "I am building a lottery game that pays out money, and I don't want anyone to be able to simultaneously buy multiple tickets and win money from multiple computers" or "I am charging the client money by the minute for using my site and I'm trying to prevent them from getting overcharged."  If we know the use case for your motivation, we can probably suggest something helpful.
Dave BaldwinFixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
greetings Soumaya Hachem , , ,  Preventing the user sign in, if the user is already signed in, , In My View, is not a practical (usable) thing to do, you say -
    "Currently, when the user logs in, I store the userID in a session variable. At the same time I would like to delete all other sessions with the same userID. Is that possible?"

That's is NOT possible! The PHP session is ONLY accessible to the browser that stores the "Cookie" for the session.

It is possible to have a Database Table column with a True or False value for "UserLogIn". and you could set this to true, when that user Logs In, and not allow any other LOG IN for that user, while it is true.

BUT, as has been said, you would need to set the value to false, when the user is no longer there, This is extremely Unreliable, as the user can have several "Web Site" pages open in that browser at the same time, so you can not really tell when the user may stop using the web site. So usually if the user signs in , then he will never be able to log in again, because there's no fool proof way to set the database value to false, if the user stops looking at, or using that web site, with the cookie.

If you also want to be able to sign-in on phone while computer is using web site, then this gets real complicated, and even less possible.

There may be ways to "protect" certain information in a database, from a second user log-in? ?
But not, in my view, a one-size-fits-all user log-in prevention as you say u need.
What "DANGER" are you needing to prevent, from a second computer log-in? ?

Author

Commented:
Vous pouvez autoriser simultanément plusieurs sessions simultanées sur différents appareils. J'ai vu cela sur certains sites Web et nous devons avoir quelque chose de similaire. De cette façon, vous continuez à utiliser le site Web sur votre mobile et également le même temps sur votre tablette, mais vous ne pouvez pas l'utiliser sur un troisième appareil

Author

Commented:
i want Preventing a User From Having Multiple Concurrent Sessions if we look at the problem from another angle there is a way to prevent concurrent access by a user.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
Translation from the French
You can simultaneously allow multiple sessions simultaneously on different devices. I've seen this on some websites and we have to have something similar. This way you continue to use the website on your mobile and also the same time on your tablet but you can not use it on a third device.

We understand your objective, and as we have told you, it's nearly impossible to get it right.  What we are still not getting from you is why  you want to make this restriction.  What is the reason?

Author

Commented:
We need to keep records of login session and IP address used by each customer .
and also we need to control the login sessions
where the user can only login once
to prevent misuse of the service
otherwise someone can buy it and share it with other people
but we have to consider that one person may use different devices all same time. For example a person my use his mobile to access it and at the same he has a tablet and and may use it at desktop
think about and give me your ideas
CERTIFIED EXPERT
Top Expert 2010
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
This question has been inactive for 14 days, and clean up requires that this question be closed. Points split for comments that gave info and advice to reconsider.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.