How can i kick first Logged user?

[eluser]vps4[/eluser]
If first user has Logged.
then another guy login from another ip address with same username and password, how can I kick first user?

[eluser]Dam1an[/eluser]
You would need to put a check on every page (MY_Controller constructor) which checks that users ID against a list of currently active user IDs. If the users ID is found in this list, destroy their session, kicking them out (a nice message would be useful too )

[eluser]TheFuzzy0ne[/eluser]
Just store it in the database:

user_id | ip_address

When the user logs in, update the IP address. Check on each following request that the IP address matches the one in the database, if it doesn't, someone else has logged in (thus changing the IP address), so log the other user out on his next request.

EDIT: You could also change the field to reflect the user agent instead, so logging on with a different browser would also kill the old session on the next request.

[eluser]slowgary[/eluser]
I'm pretty sure it's possible that the user's IP address could change mid-session. Some proxies do this, probably most commonly at universities. You might want to check a combination of fields to determine whether it's the same user or not, including the user agent.

You could just skip the check altogether and kick them out upon an attempt to login. I think that's what Dam1an was getting at. So if a user is already logged in and attempts to login again, you'd destroy the first session. This method would require you to hide login forms from logged in users.

[eluser]jedd[/eluser]
Yup, that's the approach I'd take if you want to limit concurrent logins to 1 - give 'em a hash in the cookie (gosh that sounds like something from college) at authentication time, stick it in the session, save it to a db table, and check it on each page load. De-authenticate the user if it doesn't match.