Welcome Guest, Not a member yet? Register   Sign In
Log info
#1

[eluser]Suanko[/eluser]
I made a database both for my app user list (users table) and for the sessions (sessions table).

I don’t want 2 people to connect both with the same login/password.

What happen if a user close the window without logout first? Next time he will connect, how can i avoid the system to reply “you’re already connected”? Shall i check the session table for user_data->status in the login script?
#2

[eluser]Suanko[/eluser]
I am a bit surprised there is no answer on this post, i thought i would not be the only one to have this problem.
Maybe my post wasn't documented enough? Second try, here is an entry of my session table :

Code:
session_id = dcac95944224c5c7558e56d17c22913f
ip_address = 150.70.84.24
user_agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
last_activity = 1227575589
user_data = a:2:{s:6:"status";s:2:"OK";s:10:"user_email";s:14:"[email protected]";}

The user "[email protected]" has exited the site by closing the browser window. So the session entry hasn't been deleted yet.
How can i handle the system if this user try to connect the website again? I'm not searching for a pure code help here, i just need global view of how login/logoff with sessions works.
#3

[eluser]Suanko[/eluser]
I think i take the problem from the wrong side :

I was trying to check the session table on login to find if the user was already logged. In fact, it works the other way : i don't have to check this but instead i have to check if the user session is still active, on some functions/pages, so i know that this user is still logged in.

I wonder how to avoid two person to log with the same login/password though...
#4

[eluser]Maarten B[/eluser]
[quote author="Suanko" date="1227622215"]I wonder how to avoid two person to log with the same login/password though...[/quote]

I've made an application that prevents just that, for security reasons. Let's say a user is working on computer A and logged in. The user than walks to computer B and logs in again. My app allows this, but the session on computer A is then canceled, meaning that the user will see a login screen on computer A when he/she clicks on an action in the app on that computer.

I've done this by making a library that autoloads (directly after CI's database lib) and is always run first before the controller of a page is loaded. My library checks if a user is logged in and what the rights are that the user has. If the user was already logged in, the library destroys the original session and creates a new one.

As far as I know you have to program this yourself, it's not a feature of CI.

Good luck with it!


Maarten
#5

[eluser]simshaun[/eluser]
I would add 2 columns to the users table: is_logged_in & login_time

Upon login,
- If is_logged_in = 1 & login_time is not expired (I'd have a 10 minute expire time [now() + 600]), then alert user that they are already logged in. (Failure)
- Else, set is_logged_in = 1 & set login_time to the current timestamp. (Success)




Theme © iAndrew 2016 - Forum software by © MyBB