Just a quick database design question
#11

[eluser]alboyd[/eluser]
[quote author="shinkaiu2" date="1251276097"]My site is entirely ajax based too[/quote]

What are you saying?
#12

[eluser]brianw1975[/eluser]
Sorry -- nonce is a number that is used only once. If you generate that number (random number based around the current time), record it to the database as a valid login session and then pass it to the browser as a var during the initial login, you can then pass that nonce back and forth between the browser and the server, and if at any point the nonce doesn't match you can kill the session and force the user to log back in. This won't prevent them from logging in with two browsers, but it will make using two browsers a real pain. Just make sure to add some code in somewhere (probably a 5 minute timer in the JavaScript like some banks do) to automatically log the user out for security concerns.

It's rather intricate, but it could be done. Just remember, you'll never be able to stop them from at least trying to log in with more than 1 browser (and personally I wouldn't bother trying to prevent it, and in the end it may not be worth the extra effort if users find that not being able to log in with two browsers (or two tabs for that matter) is a pain). It would be if the site doesn't make use of some kind of "windowing" where they can pull up similar data from two different sources... not sure what they have access to, but an example would be comparing two different orders for a customer...

Again, keep us updated on how you make out with this.
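
The rotating-nonce check described in post #12, as an added example that is not part of the original thread and not any poster's code. Assumptions: Python, a dict standing in for the database table, hypothetical class and function names, and a nonce drawn from a CSPRNG (`secrets`) rather than derived from the current time, because the value has to be unguessable.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT = 5 * 60  # seconds; the post's 5-minute timer, enforced server-side


class NonceSessions:
    """In-memory stand-in (assumption) for the table of valid login sessions."""

    def __init__(self, clock=time.monotonic):
        self._rows = {}      # session_id -> (current nonce, time last seen)
        self._clock = clock  # injectable so the timeout can be tested

    def _issue(self, session_id):
        # CSPRNG token instead of a time-based number: it must be unguessable.
        nonce = secrets.token_urlsafe(32)
        self._rows[session_id] = (nonce, self._clock())
        return nonce

    def login(self, session_id):
        """Record a fresh nonce for the session and hand it to the browser."""
        return self._issue(session_id)

    def check_and_rotate(self, session_id, presented):
        """Return the next nonce, or None after killing the session."""
        row = self._rows.get(session_id)
        if row is None:
            return None  # unknown or already killed: force a new login
        expected, last_seen = row
        idle = self._clock() - last_seen
        matches = hmac.compare_digest(expected.encode(), presented.encode())
        if idle > IDLE_TIMEOUT or not matches:
            del self._rows[session_id]  # kill the session on any mismatch
            return None
        return self._issue(session_id)  # single use: rotate on every request


def two_browser_demo():
    """Constructed scenario: a second browser replays the login nonce."""
    sessions = NonceSessions()
    n0 = sessions.login("user-42")
    n1 = sessions.check_and_rotate("user-42", n0)      # browser A: accepted
    replay = sessions.check_and_rotate("user-42", n0)  # browser B: stale nonce
    after = sessions.check_and_rotate("user-42", n1)   # browser A: logged out too
    return n1 is not None, replay, after
```

Because every accepted request rotates the nonce, parallel AJAX requests from a single page would also trip the check, so a client built this way has to send its requests one at a time.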



