+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: How can i kick first Logged user? (/showthread.php?tid=19615)
How can i kick first Logged user? - El Forum - 06-12-2009
[eluser]vps4[/eluser]
If first user has Logged.
then another guy login from another ip address with same username and password, how can I kick first user?
How can i kick first Logged user? - El Forum - 06-12-2009
[eluser]Dam1an[/eluser]
You would need to put a check on every page (MY_Controller constructor) which checks that users ID against a list of currently active user IDs. If the users ID is found in this list, destroy their session, kicking them out (a nice message would be useful too
)
How can i kick first Logged user? - El Forum - 06-12-2009
[eluser]TheFuzzy0ne[/eluser]
Just store it in the database:
user_id | ip_address
When the user logs in, update the IP address. Check on each following request that the IP address matches the one in the database, if it doesn't, someone else has logged in (thus changing the IP address), so log the other user out on his next request.
EDIT: You could also change the field to reflect the user agent instead, so logging on with a different browser would also kill the old session on the next request.
How can i kick first Logged user? - El Forum - 06-12-2009
[eluser]slowgary[/eluser]
I'm pretty sure it's possible that the user's IP address could change mid-session. Some proxies do this, probably most commonly at universities. You might want to check a combination of fields to determine whether it's the same user or not, including the user agent.
You could just skip the check altogether and kick them out upon an attempt to login. I think that's what Dam1an was getting at. So if a user is already logged in and attempts to login again, you'd destroy the first session. This method would require you to hide login forms from logged in users.
How can i kick first Logged user? - El Forum - 06-12-2009
[eluser]jedd[/eluser]
Yup, that's the approach I'd take if you want to limit concurrent logins to 1 - give 'em a hash in the cookie (gosh that sounds like something from college) at authentication time, stick it in the session, save it to a db table, and check it on each page load. De-authenticate the user if it doesn't match.