preventing multiple identical user login?

Aleksander Jarosz wrote:

> To prevent from doing this you could store the time of the users last
> activity (i.e. the last click on sth) and then check for xample every 15
> minutes with cron, if they are really doin'sth or if that's a dead
> session. If they last activity is for example from before half an hour,
> you colud delete that session.
>

Sorry, what I missed off in the original recipe is this:

Before doing any other checks, run a query something like this:

delete from loginsessions where expires < now();

And that way ALL stale sessions will just vanish, every time a session
is checked

not bad....

This way you don't have to use cron. But it will only work when the login
script is called very often... When it's called only twice an hour (so you
have only 50 visits a day) it won't work that good. But I don't think you
have to consider this in your example...

Aleks

Aleksander Jarosz wrote:

> not bad....
>
> This way you don't have to use cron. But it will only work when the login
> script is called very often... When it's called only twice an hour (so you
> have only 50 visits a day) it won't work that good. But I don't think you
> have to consider this in your example...
>
> Aleks

It still works, because the stale sessions are deleted every time the stalness
or otherwise of a session becomes an issue: if it matters whether there are
stale sessions, they'll get deleted.

Think about it, you'll see what I mean!

Oh yes, I use this on sites with 2-3 thousand visits a day, so it's fine; I've also
used it on sites with 10-20 visits per week (to pages that "count" for this case)
and it also works fine. You can leave a 3-week-old expired session in the database,
because it will cease to exist the moment you check whether it's still valid