Stopping multiple log ins.

[SHAD]

What would you say about this method to stop multiple log ins?

So when a user logs in, he is assigned a new session id, once logged in sucessfully, the sessionid get stored in the DB

For any requested pages, check the session id matches, otherwise the the session is destroyed with a message 'You cannot be logged in twice.

This way only one person can be logged in at one time from one browser on one machine.

[Danny696]

Umm, dont use a db.

On login, add cookie to user, with unique id in there, also store that value in the session. Check if it exists, and that it matches the session version. If not tell them and log them out. Simplez :)

[a_bertrand]

Non sense, if you use any cookie to identify somebody you already have a single login from this user / computer / browser. Yet you cannot prevent that the player uses more than one browser which means can be logged in multiple times. So quiet useless overall...

[rulerofzu]

I suppose you could gather the http user agent to get the browser information. Store that on login and you can check if it matches if not log them out.

[a_bertrand]

not really... first of all you can spoof a user agent, second I could use 2 different browser one at work and 1 at home...

[rulerofzu]

Using one at work and one at home I wouldnt class as multi logins as the time between locations would mean you was logged out due to PHP having a default timeout in its ini. Have to login again and then the status would be updated.

Yes you can spoof the user agent. I wouldnt use that just on its own. Hash the IP and user agent you could even go as far as storing the mac address. This would make it harder. Not fool proof just harder.

Nothing is foolproof you just make it harder or dont bother :D

[a_bertrand]

No the mac address will return always the one of your router not the one of the user. That doesn't work.

[rulerofzu]

Ah yes so it would. I was getting over zealous!