> I have a login system which uses sessions, and when people login it puts > the date they logged in in their profile and moves their last login date > over to another field, that works fine, but how can I check if someone has > logged out via code? In other words, if someone does what they want and > then just closes the browser without logging out no record is saved, how > can > I tell whether they have logged out / gone from the website ? I need to > know this for security. You can't know for sure. It's a limitation of HTTP. What you do is assume that if after X minutes, the user hasn't done anything, then they have left. If you're using sessions, the files will be cleaned up after X minutes, anyhow, and they will lose their login. > Which brings me to my next question :-) > > How would I make it so only 1 person can login at any time with any given > username/password combo? I know I have to track the sessions, but not > sure > how :-( Set a flag in the database that says whether that user is logged in. If that username tries to log in again, set an error. The problem you'll run into with this, though, is you'll have to implement a "cleanup" system to unset the flag after X minutes of inactivity. Also, if I accidentally close my window and then go back to log in, it won't let me because the flag is still set until your cleanup program unsets it. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
