> -----Original Message-----
> From: tvlgiao [mailto:tvlgiao@xxxxxxxxx]
> Sent: Sonntag, 5. Februar 2006 00:28
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] only one ip per user (has many
> connections) can access resource at the same time ?
>
> Hello all,
>
> How can I configure Apache to use mod_auth_mysql to solve
> the following authentication theme:
>
> In brief: if A logs in and is downloading (connection
> established, IP is saved when he logs in), no other user can
> use A's account to authenticate (because anyone else has
> different IP.)
>
> If A logs in and is not downloading anything (no connection,
> session and A's IP is saved). B can use A's account to log
> in (establish a new Connection, B's session overrides A's as
> A hasn't start any connection). Hence, Precisely at the time
> when B logs in, A is booted as B's session already overrides A's.
You have a fundamental misunderstanding of HTTP. It is not a conection-based protocol (like the telephone), it is connection-less and stateless and works with the client and server exchanging messages (ie, it is electronic document mail-order). So, at the HTTP layer, you don't really have people "logged in" at all...
Having said all that, you can provide the illusion of sessions and statefullness, but only by loading an application on top of HTTP - this would be some form of session tracking using cookies, for example. For this, you need additional server-sided logic (eg, CGI, PHP, Cocoon, etc.) and it can't be done simply by configuring apache.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
|