I would like to make my website to allow only one session at a time. For example, let say user has login to my website on firefox, if the user login again to another browser like opera on the same computer or different computer, the session on firefox will be destroyed. However, the session on firefox remained if it remains as one session. May I know how can I do that? I am using php and apache. Thank you.
Regards. Benjamin
I did this yesterday using mod_auth_kerberos. Basic process is as follows:
Install kerberos and configure
On active directory create a new user
Use ktpass on windows to create a keytab
Copy keytab to ubuntu and configure apache to use keytab
Have a look at the documentation here: http://www.grolmsnet.de/kerbtut/. It explains the configuration files better than I ever could.
Ubuntu specific bits are probably just installation, for which you'll want:
sudo apt-get install krb5-user libapache2-mod-auth-kerb
You can't do it.
But none of this will guarantee that only one user uses this login, and that those 105 IP from all over the world doesn't belong to only one unique user, which uses Proxy or whatever.
And the last: you never need this in the Internet.
UPD
However, what I'm asking is about limiting multiple users from using the same account simultaneously which I feel should be possible
So you can store some token, that will contain some encrypted data: IP + secret string + user agent + user browser version + user OS + any other personal info: encrypt(IP + "some secret string" + request.user_agent + ...). And then you can set a session or cookie with that token. And with each request you can fetch it: if user is the same? Is he using the same browser and the same browser version from the same OS etc.
Also you can use dynamic tokens: you change token each request, so only one user could use system per session, because each request token will be changed, another user will be logged out as far as his token will be expired.
Yeah, I did similar for my project.
So, you need add to your user model another attribute in this case: last_sessid.
public function swapping($user) {
$new_sessid = Session::getId(); //get new session_id after user sign in
$last_session = Session::getHandler()->read($user->last_sessid); // retrive last session
if ($last_session) {
if (Session::getHandler()->destroy($user->last_sessid)) {
// session was destroyed
}
}
$user->last_sessid = $new_sessid;
$user->save();
}
Now, if the user has an active session, and signs in another browser, the first session will be removed.
P.S. Sorry for my bad english :)
The command line may run 5.2.8, but may have nothing to do with the cgi or module that apache runs. What does a webrequest with <?php echo phpversion();?> tell you about the version? Possibly use a full phpinfo() to check what's provided & where. Especially if you compiled a version of php by hand changes are high you did it only for the CLI package.
I'll suggest you to do something like this:
Suppose when user "A" loges in to the "Com_1", for the first time. Save a unique code in the database against that session, and same with the user session.
At the mean time if he (user "A") loges in again on "com_2", then check his status in the database and update the unique code in the database.
again back if same user (user "A") refreshes the page on "com_1", we all you need to do is check the unique code from the session and match it to the database, It is for sure it will not match, then log it out and destroy the session.
For keeping the user loggedin, even if browser is closed, you can store the cookie on the browser, and re-generate the session accoordingly.
Hope this helps. Thank you.