Welcome Guest, Not a member yet? Register   Sign In
1 user account can log on at a time
#1

[eluser]rickoverman[/eluser]
Hi All,

I am trying to figure out how to handle user logins. At the moment i have a login system where a single user can logon on diffrent pc's at the same time.

But now im trying to implement some security that when a user is logged in a specific account on one pc , another person can not logon with the same account on another pc untill the user of the other pc is logged out (or session is expired).

Can someone maybe point me in the right direction?

Thanks in advanced

All the best,
R
#2

[eluser]brianw1975[/eluser]
Look in application/config/config.php

Code:
$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']    = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']    = 'ci_sessions';
$config['sess_match_ip']    = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

You can try changing $config['sess_match_ip'] = FALSE; to TRUE, but judging how effective that is would be tough.

Did you do a search on the forums? This same question was asked just a couple of days ago.
#3

[eluser]kurucu[/eluser]
I don't think that would work - all that does is ensure that the session is unique to a particular PC. What data is stored in it (and thus, who is logged in) is reliant on your code.

I would have thought that, before login, you'd have to get all current sessions from the DB, deserialise them and check each one for the same user id. Then, decide whether the new logs out the old (delete the session row) or the new can't login.

The problem with the latter is that the user may not be able to log in if he closed the browser window without logging out - it would look like a second log in attempt, but actually would still only be one. A suggestion would be to a) allow them to log out previous log-ins or b) do this automatically. Final option c) provide a management destroy all sessions for user x facility; but that's horrible.
#4

[eluser]rickoverman[/eluser]
Hi thanks for your replies, i have figured out a solution which resembles mostly @kurucu. As i dont have time at the moment to create it, i will post my solution shorty.




Theme © iAndrew 2016 - Forum software by © MyBB