Avatar of Soumaya Hachem
Soumaya Hachem

asked on 

how can I forbid a user from connecting with the same account on another computer.

If the user is connected to the site by a pc, forbid to connect to the same account on another pc
JavaPHPjQuery

Avatar of undefined
Last Comment
Member_2_248744
Avatar of zephyr_hex (Megan)
zephyr_hex (Megan)
Flag of United States of America image

You would need to store the IP address of the computer.  When a user authenticates to their account, check the IP address you have stored and restrict access if it does not match.

Note:  it's possible for more than one computer to have the same IP address if your site is external to that network.  Your site only sees the external IP address of the computers.
Avatar of Leonidas Dosas
@zephyr_hex
I agree with you but the user must have a static IP  to work your solution. An another proposal is to set a cookie into client browser. So when he connect in his account you can have a cookie validation code to check the client side. But if the user erase the cookie or the cookie expires then his has problem.
Or you can combine IP and cookie validation to do your work.
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

I'm wondering why this is a problem.  I can connect to my Facebook and Experts Exchange accounts from as many computers as I want.
SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Soumaya Hachem
Soumaya Hachem

ASKER

When the user is logged on to a computer I do not want it to connect to another computer it can connect to a phone or tablet but it can not connect with the same account on a computer at the same time
Avatar of Soumaya Hachem

ASKER

how can i make sure a user can only be logged in on one computer at a time?  Is there anything built into wordpress that prevents a user from being logged in more than once?
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Please read the article.  There is no such thing as a "user who is logged in."  All your server sees are requests* and all your server can do is make responses*
https://www.experts-exchange.com/articles/11271/Understanding-Client-Server-Protocols-and-Web-Applications.html

Maybe if you can tell us what you're trying to create or prevent we can offer some suggestions, but the idea that you can keep a client from using two different computers (but not different phone/tablets) is just unheard of.

* These are terms of art in the HTTP client/server world. The terms are explained in the article.
Avatar of Soumaya Hachem

ASKER

You do not always understand me gives you answers that do not make sense
Avatar of Soumaya Hachem

ASKER

I need a way to prevent a user from logging in on multiple computers at the same time.

Currently, when the user logs in, I store the userID in a session variable. At the same time I would like to delete all other sessions with the same userID. Is that possible?
Ray's answer makes perfect sense.

The answer is No.  You can't and shouldn't do this.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

But why in the world would you want to do this?  If you can tell us the reason for wanting this, we may be able to suggest a reasonable design pattern.  We don't need any technical explanation, just a plain language statement like, "I am building a lottery game that pays out money, and I don't want anyone to be able to simultaneously buy multiple tickets and win money from multiple computers" or "I am charging the client money by the minute for using my site and I'm trying to prevent them from getting overcharged."  If we know the use case for your motivation, we can probably suggest something helpful.
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
greetings Soumaya Hachem , , ,  Preventing the user sign in, if the user is already signed in, , In My View, is not a practical (usable) thing to do, you say -
    "Currently, when the user logs in, I store the userID in a session variable. At the same time I would like to delete all other sessions with the same userID. Is that possible?"

That's is NOT possible! The PHP session is ONLY accessible to the browser that stores the "Cookie" for the session.

It is possible to have a Database Table column with a True or False value for "UserLogIn". and you could set this to true, when that user Logs In, and not allow any other LOG IN for that user, while it is true.

BUT, as has been said, you would need to set the value to false, when the user is no longer there, This is extremely Unreliable, as the user can have several "Web Site" pages open in that browser at the same time, so you can not really tell when the user may stop using the web site. So usually if the user signs in , then he will never be able to log in again, because there's no fool proof way to set the database value to false, if the user stops looking at, or using that web site, with the cookie.

If you also want to be able to sign-in on phone while computer is using web site, then this gets real complicated, and even less possible.

There may be ways to "protect" certain information in a database, from a second user log-in? ?
But not, in my view, a one-size-fits-all user log-in prevention as you say u need.
What "DANGER" are you needing to prevent, from a second computer log-in? ?
Avatar of Soumaya Hachem

ASKER

Vous pouvez autoriser simultanément plusieurs sessions simultanées sur différents appareils. J'ai vu cela sur certains sites Web et nous devons avoir quelque chose de similaire. De cette façon, vous continuez à utiliser le site Web sur votre mobile et également le même temps sur votre tablette, mais vous ne pouvez pas l'utiliser sur un troisième appareil
Avatar of Soumaya Hachem

ASKER

i want Preventing a User From Having Multiple Concurrent Sessions if we look at the problem from another angle there is a way to prevent concurrent access by a user.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Translation from the French
You can simultaneously allow multiple sessions simultaneously on different devices. I've seen this on some websites and we have to have something similar. This way you continue to use the website on your mobile and also the same time on your tablet but you can not use it on a third device.

We understand your objective, and as we have told you, it's nearly impossible to get it right.  What we are still not getting from you is why  you want to make this restriction.  What is the reason?
Avatar of Soumaya Hachem

ASKER

We need to keep records of login session and IP address used by each customer .
and also we need to control the login sessions
where the user can only login once
to prevent misuse of the service
otherwise someone can buy it and share it with other people
but we have to consider that one person may use different devices all same time. For example a person my use his mobile to access it and at the same he has a tablet and and may use it at desktop
think about and give me your ideas
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
This question has been inactive for 14 days, and clean up requires that this question be closed. Points split for comments that gave info and advice to reconsider.
PHP
PHP

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

125K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo