Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP - Stop Concurrent User Logins

Tags:

php

mysql

session

login

user-management

I need a method of stopping concurrent logins using PHP/MySQL.

The current setup

Currently there are 2 people sharing the same login on a system i have built internally where i work. Due to the nature of the system i dont want them both logging in.

What I have tried

Around 10 articles on stackoverflow and googled for as long as i can.

I also attempted adding a "loggedin" field in the user table which upon logging in was set to 1 and upon logging out was set to 0. Then if the same user credentials where used at login, it would fail.

The problem i had was that if the person who was logged in shut down the browser without logging out properly, it wasnt updating the database. Then i get a phone call from that person and i would have to reset the value to 0 in the database.

This isn't feasible going forward as the product is being rolled out to around 20 people internally soon.

What I need

What i need is to find a way that when the browser closes a script gets executed to update the database. Alternatively a way of reading every current session on the server, which i could manipulate, or something else.

Restrictions

Our hosting providers are awful and subsequently what changes i can make to the server are limited/impossible. The hosting is a shared hosting solution.

like image 818
itsphil Avatar asked May 25 '11 14:05

itsphil

People also ask

How do I stop multiple logins from the same user in PHP?

To prevent the user from login on multiple systems or web browsers you need to generate a token on each successful login attempt. Need to check the token on each page. If the token does not match then destroy the SESSION and log out the user.

How do I stop concurrent logins?

Navigate to Product Settings → Connection → General Settings. Check the box next to Deny Concurrent Logins. Once enabled, the user will not be able to log in from another device at the same time. Other active sessions will not be affected by this change.

2 Answers

What i need is to find a way that when the browser closes a script gets executed to update the database.

You can't.

Your best solution may be associating the session ID with the user in the database. If the session ID on the user's computer doesn't match the most recent session ID in the database, make them log in and update the db.

like image 184
ceejayoz Avatar answered Oct 04 '22 19:10

ceejayoz

perhaps you should flip this around.

the person trying to log in gets a new session, and the new session invalidates any old sessions for the same username (thus logging them out)

this way only one person can be logged in at a time.

like image 41
David Chan Avatar answered Oct 04 '22 17:10

David Chan
Sign in to Comment

Related questions

parallel downloads in PHP
PHP RecursiveIterator traversing
Doctrine2 many-to-one association won't use JOIN query
Can I verify what algo php session hashing is using?
Override parent's parent's constructor in PHP
is there a way to "uninclude" a file with PHP?
PHP interface implementation rejects subclasses on parameters
MySQL slots under PHP / PDO
PHP Overloading to Unit Test Private Properties and Methods
Ajax Security (i hope)
recurring payment to already running paypal script
How to use MySQLi Prepared Statements with Stored Procedures
How to use @package & @subpackage in phpdoc?
Calculate difference between two datetimes
What's the preferred way of deploying a Symfony2 application?
How to manage Single Table Inheritance within Doctrine 2?
PDO_OCI vs OCI8
Should we use PHP framework for a high scalable web site? [closed]
Control access to files based on DB values with PHP/Apache
How to POST data as an indexed array of arrays (without specifying indexes)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!