On May 22, 2010, at 3:37 PM, Robert Cummings wrote:
This was beaten to death last week. The solution is not possible
because it's not about restricting a single user from logging over
multiple machines, it about restricting a single computer to only
one session (so running IE, Firefox, Opera, Safari on same computer
with different users would not be allowed).
Cheers,
Rob.
Karl DeSaulniers wrote:
Yeah. Don't be concerned about which browser. Just set up an
active users table in your database that gets checked at login.
Then it doesn't matter which machine or browser. Unless you know
that the computers are giving the true ip, there is no way to
keep a user from logging in with two account on the same
computer. Otherwise add the active users ip to the active users
table and check it as well on login
Easy peasey
Karl
Sent from losPhone
On May 22, 2010, at 12:34 AM, Gautam Bhatia
<mail2gautambhatia@xxxxxxxxx> wrote:
On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:
Hi All!
I am looking for a solution, I want a user to do a single Login
only on a PC
.
E.g. If a User has logged on my website website.com in Internet
explorer,
then he cant login on same website in another browser like
Firefox etc with
same loginid or another.
Can I trace MAC address of a single machine to solve this issue?
Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie
which will
work for all browsers in a single machine..
I hope You will help me out
Regards
Jagdeep Singh
+91 9988009272
hi Jagdeep,
I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in
change it to true , so even if the person is using other browser,
you
can check the value from dbase, if user is already logged in or
not. If
that makes sense to you , good luck.
regards,
Gautam Bhatia
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
Sorry for the top posting.
Ah, I see. Don't mean to beat a dead horse.
I still stand by my suggestion though.
If you record the username and ip in an active user table,
then set a cookie on the computer that is cross referenced with the
ip and username,
you will have a little better check system.
Also, if you set a fall back that say checks to see if the cookie is
being reset or set for the first time or if the cookie has been
deleted, you can kick them.
Set the cookie to expire and be reset while in session to check to
see if it changes while the user is logged in.
Basically, if you check for log-in status from the active user table
and cross reference the ip,
it will probably cover say 75% of the cases. Using the cookie and
putting strict requirements
for the cookie to have been pre-existing with the right ip or if it
is being set for the first time,
you will have a little more control. Plus you could create a blob of
ips that is referenced with
each username that can be cross referenced to see if a user has
multiple ip sets or if two users have a similar ip.
Thus a little more granular control on the computers accessing your
site.
But like having an expensive painting in your house,
if the thief is going to put that much work in to get it, chances are
they will.
Just make sure its insured. :)
Karl DeSaulniers
Design Drumm
http://designdrumm.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
