Log info |
[eluser]Suanko[/eluser]
I made a database both for my app user list (users table) and for the sessions (sessions table). I don’t want 2 people to connect both with the same login/password. What happen if a user close the window without logout first? Next time he will connect, how can i avoid the system to reply “you’re already connected”? Shall i check the session table for user_data->status in the login script?
[eluser]Suanko[/eluser]
I am a bit surprised there is no answer on this post, i thought i would not be the only one to have this problem. Maybe my post wasn't documented enough? Second try, here is an entry of my session table : Code: session_id = dcac95944224c5c7558e56d17c22913f The user "[email protected]" has exited the site by closing the browser window. So the session entry hasn't been deleted yet. How can i handle the system if this user try to connect the website again? I'm not searching for a pure code help here, i just need global view of how login/logoff with sessions works.
[eluser]Suanko[/eluser]
I think i take the problem from the wrong side : I was trying to check the session table on login to find if the user was already logged. In fact, it works the other way : i don't have to check this but instead i have to check if the user session is still active, on some functions/pages, so i know that this user is still logged in. I wonder how to avoid two person to log with the same login/password though...
[eluser]Maarten B[/eluser]
[quote author="Suanko" date="1227622215"]I wonder how to avoid two person to log with the same login/password though...[/quote] I've made an application that prevents just that, for security reasons. Let's say a user is working on computer A and logged in. The user than walks to computer B and logs in again. My app allows this, but the session on computer A is then canceled, meaning that the user will see a login screen on computer A when he/she clicks on an action in the app on that computer. I've done this by making a library that autoloads (directly after CI's database lib) and is always run first before the controller of a page is loaded. My library checks if a user is logged in and what the rights are that the user has. If the user was already logged in, the library destroys the original session and creates a new one. As far as I know you have to program this yourself, it's not a feature of CI. Good luck with it! Maarten
[eluser]simshaun[/eluser]
I would add 2 columns to the users table: is_logged_in & login_time Upon login, - If is_logged_in = 1 & login_time is not expired (I'd have a 10 minute expire time [now() + 600]), then alert user that they are already logged in. (Failure) - Else, set is_logged_in = 1 & set login_time to the current timestamp. (Success) |
Welcome Guest, Not a member yet? Register Sign In |