I need a method of stopping concurrent logins using PHP/MySQL.
The current setup
Currently there are 2 people sharing the same login on a system i have built internally where i work. Due to the nature of the system i dont want them both logging in.
What I have tried
Around 10 articles on stackoverflow and googled for as long as i can.
I also attempted adding a "loggedin" field in the user table which upon logging in was set to 1 and upon logging out was set to 0. Then if the same user credentials where used at login, it would fail.
The problem i had was that if the person who was logged in shut down the browser without logging out properly, it wasnt updating the database. Then i get a phone call from that person and i would have to reset the value to 0 in the database.
This isn't feasible going forward as the product is being rolled out to around 20 people internally soon.
What I need
What i need is to find a way that when the browser closes a script gets executed to update the database. Alternatively a way of reading every current session on the server, which i could manipulate, or something else.
Restrictions
Our hosting providers are awful and subsequently what changes i can make to the server are limited/impossible. The hosting is a shared hosting solution.
To prevent the user from login on multiple systems or web browsers you need to generate a token on each successful login attempt. Need to check the token on each page. If the token does not match then destroy the SESSION and log out the user.
Navigate to Product Settings → Connection → General Settings. Check the box next to Deny Concurrent Logins. Once enabled, the user will not be able to log in from another device at the same time. Other active sessions will not be affected by this change.
What i need is to find a way that when the browser closes a script gets executed to update the database.
You can't.
Your best solution may be associating the session ID with the user in the database. If the session ID on the user's computer doesn't match the most recent session ID in the database, make them log in and update the db.
perhaps you should flip this around.
the person trying to log in gets a new session, and the new session invalidates any old sessions for the same username (thus logging them out)
this way only one person can be logged in at a time.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With