Here's a couple of suggestions: 1) You can use javascript to trap the window's closure and create a new window that simply calls one of your scripts that closes the session. This is not 100% foolproof, however, so you need to come up with a backup plan, like closing sessions automatically with a batch process in the backend. 2) That's easy enough--just store a "unique token" in their session and in the database when they log in. If, when they come to you with a particular user id they do not have the right token, then that means that either (a) somebody is trying to steal a session or (b) two people have signed on with the same username, in which case you can decide who gets the boot. This, too, is not a completely foolproof method (particularly if you don't use SSL), but it's a good starting point. Hope this helps. Cheers, Marco -- ------------ php|architect - The magazine for PHP Professionals The first monthly worldwide magazine dedicated to PHP programmers Come visit us at http://www.phparch.com! On Wed, 2002-11-27 at 20:19, Chris Payne wrote: > Hi there everyone, > > I have a login system which uses sessions, and when people login it puts > the date they logged in in their profile and moves their last login date > over to another field, that works fine, but how can I check if someone has > logged out via code? In other words, if someone does what they want and > then just closes the browser without logging out no record is saved, how can > I tell whether they have logged out / gone from the website ? I need to > know this for security. > > Which brings me to my next question :-) > > How would I make it so only 1 person can login at any time with any given > username/password combo? I know I have to track the sessions, but not sure > how :-( > > Any help would really be appreciated. > > Chris > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
