Multiple Login in a single PC should not be possible
in [General]
|
From: Karl DeSaulniers on 14 May 2010 05:26 Only other thing I could think of is a session timeout. Because if two people are using the same computer, one person is going to be away long enough to time out. HTH Karl On May 14, 2010, at 4:21 AM, Karl DeSaulniers wrote: > Hi J, > Well, if you have an active users table with a users name in it and > you check when logging in to see if that users name is in that table, > They can not log in again. No matter what machine or browser they > are in. > > As far as another user logging in on that same machine, you could > match a cookie on the machine and the database that holds what > browser they are using and username, an MD5 ip, etc. > But someone can always delete cookies and some even know how to > bounce ip addresses, so unless you have a bunch of hackers using > your machines, these suggestions should work. > Unless someone else has a better suggestion. > GL, > > :) > > Karl > > > On May 14, 2010, at 4:08 AM, Jagdeep Singh wrote: > >> I want that only single user can login on a single machine.... If >> User has logged in one browser he should not login through 2nd >> browser... >> >> And no other user should login on same machine in any browser >> >> in Simple words: >> >> MAXIMUM ONE USER SHOULD LOGIN IN ONE MACHINE....... >> >> On Fri, May 14, 2010 at 2:23 PM, Karl DeSaulniers >> <karl(a)designdrumm.com> wrote: >> You lost me on that one. >> >> You want it so that multiple users can log in, but they have to be >> on separate browsers? >> >> >> Karl >> >> >> >> On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: >> >> Hi, >> >> yes, I can make a databse table to record LOGIN details, But I >> want that No >> other user can login on same machine on smae or another browser. >> >> E.g. >> >> If user1 has logged in from IE then user2 should not login from >> Firefox or >> Chrome etc.. >> >> I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same >> or Other >> broswers) >> >> Regards >> >> Jagdeep Singh >> >> On Fri, May 14, 2010 at 1:26 PM, Peter Lind >> <peter.e.lind(a)gmail.com> wrote: >> >> On 14 May 2010 09:29, Lester Caine <lester(a)lsces.co.uk> wrote: >> Jagdeep Singh wrote: >> >> Hi All! >> >> I am looking for a solution, I want a user to do a single Login >> only on >> a >> PC >> . >> >> E.g. If a User has logged on my website website.com in Internet >> explorer, >> then he cant login on same website in another browser like Firefox >> etc >> with >> same loginid or another. >> >> Can I trace MAC address of a single machine to solve this issue? >> >> The browser IP address works for us quite reliably. Once logged >> in, you >> get >> a message saying already logged on ... and where ... but it does >> need a >> little help if the user closes the browser without logging out. >> One needs >> a >> facility to 'bounce' a user now and again .... however some remote >> users >> may >> well have 'floating' IP addresses :( >> >> >> Don't rely on IP addresses staying the same for a user, it's not safe >> in any way and not needed anyway. Karls method is probably the best >> bet - just remember to record "last accessed time" so anyone not >> accessing for more than 15-20 minutes will succeed if trying to >> log in >> again. >> >> Regards >> Peter >> >> -- >> <hype> >> WWW: http://plphp.dk / http://plind.dk >> LinkedIn: http://www.linkedin.com/in/plind >> Flickr: http://www.flickr.com/photos/fake51 >> BeWelcome: Fake51 >> Couchsurfing: Fake51 >> </hype> >> >> >> Karl DeSaulniers >> Design Drumm >> http://designdrumm.com >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > Karl DeSaulniers Design Drumm http://designdrumm.com
From: Richard Quadling on 14 May 2010 06:04 On 14 May 2010 08:18, Jagdeep Singh <jagsaini1982(a)gmail.com> wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh > +91 9988009272 > Store the session id against the user table when they login if there is no session id currently stored for the user. On all secure pages, compare the current session id against the stored session id for their login. If they are the same, then this is the same user in the same session. At this stage, you can regenerate the session id and store a new one against the user. Essentially making the session id active for a single page only. If the sessions are different you can now either ... 1 -Tell the user that you can only have 1 active login per account and send them back to the home page (ideally an unsecured page where the browser won't automatically attempt to login by using remembered passwords.). 2 - Clear the session against the user table and tag the account so that all instances can be told that only 1 active account per login. Essentially logging the other user out - not nice but if multiple logins are in violation of an agreement, then all suffer. It does allow a "real" user to know that their details are known if they didn't attempt the second login. You also need to incorporate a time out to allow the first login to automatically expire without needing a logout. If you use the same timeout as the session timeout, then they will sync, but you will need to update the DB on each page request. A logout should clear the sessionid and the expiry info from the user table. Richard. -- ----- Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling
From: Ashley Sheridan on 14 May 2010 07:37 On Fri, 2010-05-14 at 04:26 -0500, Karl DeSaulniers wrote: > Only other thing I could think of is a session timeout. > Because if two people are using the same computer, one person is > going to be away long enough to time out. > > HTH > > Karl > > > > On May 14, 2010, at 4:21 AM, Karl DeSaulniers wrote: > > > Hi J, > > Well, if you have an active users table with a users name in it and > > you check when logging in to see if that users name is in that table, > > They can not log in again. No matter what machine or browser they > > are in. > > > > As far as another user logging in on that same machine, you could > > match a cookie on the machine and the database that holds what > > browser they are using and username, an MD5 ip, etc. > > But someone can always delete cookies and some even know how to > > bounce ip addresses, so unless you have a bunch of hackers using > > your machines, these suggestions should work. > > Unless someone else has a better suggestion. > > GL, > > > > :) > > > > Karl > > > > > > On May 14, 2010, at 4:08 AM, Jagdeep Singh wrote: > > > >> I want that only single user can login on a single machine.... If > >> User has logged in one browser he should not login through 2nd > >> browser... > >> > >> And no other user should login on same machine in any browser > >> > >> in Simple words: > >> > >> MAXIMUM ONE USER SHOULD LOGIN IN ONE MACHINE....... > >> > >> On Fri, May 14, 2010 at 2:23 PM, Karl DeSaulniers > >> <karl(a)designdrumm.com> wrote: > >> You lost me on that one. > >> > >> You want it so that multiple users can log in, but they have to be > >> on separate browsers? > >> > >> > >> Karl > >> > >> > >> > >> On May 14, 2010, at 3:26 AM, Jagdeep Singh wrote: > >> > >> Hi, > >> > >> yes, I can make a databse table to record LOGIN details, But I > >> want that No > >> other user can login on same machine on smae or another browser. > >> > >> E.g. > >> > >> If user1 has logged in from IE then user2 should not login from > >> Firefox or > >> Chrome etc.. > >> > >> I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same > >> or Other > >> broswers) > >> > >> Regards > >> > >> Jagdeep Singh > >> > >> On Fri, May 14, 2010 at 1:26 PM, Peter Lind > >> <peter.e.lind(a)gmail.com> wrote: > >> > >> On 14 May 2010 09:29, Lester Caine <lester(a)lsces.co.uk> wrote: > >> Jagdeep Singh wrote: > >> > >> Hi All! > >> > >> I am looking for a solution, I want a user to do a single Login > >> only on > >> a > >> PC > >> . > >> > >> E.g. If a User has logged on my website website.com in Internet > >> explorer, > >> then he cant login on same website in another browser like Firefox > >> etc > >> with > >> same loginid or another. > >> > >> Can I trace MAC address of a single machine to solve this issue? > >> > >> The browser IP address works for us quite reliably. Once logged > >> in, you > >> get > >> a message saying already logged on ... and where ... but it does > >> need a > >> little help if the user closes the browser without logging out. > >> One needs > >> a > >> facility to 'bounce' a user now and again .... however some remote > >> users > >> may > >> well have 'floating' IP addresses :( > >> > >> > >> Don't rely on IP addresses staying the same for a user, it's not safe > >> in any way and not needed anyway. Karls method is probably the best > >> bet - just remember to record "last accessed time" so anyone not > >> accessing for more than 15-20 minutes will succeed if trying to > >> log in > >> again. > >> > >> Regards > >> Peter > >> > >> -- > >> <hype> > >> WWW: http://plphp.dk / http://plind.dk > >> LinkedIn: http://www.linkedin.com/in/plind > >> Flickr: http://www.flickr.com/photos/fake51 > >> BeWelcome: Fake51 > >> Couchsurfing: Fake51 > >> </hype> > >> > >> > >> Karl DeSaulniers > >> Design Drumm > >> http://designdrumm.com > >> > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > Karl DeSaulniers > > Design Drumm > > http://designdrumm.com > > > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > > Why do you not want a user to be able to log into your system with another browser on the same machine? There is no way to grab the MAC address, and using the IP address is, as others have already mentioned on this thread, unreliable (consider a dozen employees in an office who will all be using the same external connection, ergo the same IP) It seems that a token might be the best method. You can store other information you get from the user agent if you want to try and pin down a particular user. Is it really necessary though? I use Firefox in the main as my browser, but occasionally an update of xul without an update of Fx will kill Fx, so I'm forced to use another browser temporarily. Likewise, people who use IE are more susceptible to virii, and the advice given to IE users is to use another browser such as Fx or Chrome. What I'm trying to say is that often people will have very legitimate reasons to be using an alternative browser on the same machine, and you could be locking them out. Is it absolutely necessary that they be limited in such a way? What is your need for this? Thanks, Ash http://www.ashleysheridan.co.uk
From: "Bob McConnell" on 14 May 2010 08:33 Web servers can only identify computers, not users. You will need something else to track which user started a specific application on a particular computer, probably a fingerprint scanner next to the keyboard. But that won't prevent someone else from replacing the entity between the keyboard and the chair after they log in. Plus, it is unlikely that will be useful in a true multi-user environment. There are simply too many possible ways to get around your restrictions. Bob McConnell -----Original Message----- From: Jagdeep Singh [mailto:jagsaini1982(a)gmail.com] Sent: Friday, May 14, 2010 4:26 AM To: Peter Lind Cc: Lester Caine; php-general(a)lists.php.net >> "php-general(a)lists.php.net" Subject: Re: [PHP] Multiple Login in a single PC should not be possible Hi, yes, I can make a databse table to record LOGIN details, But I want that No other user can login on same machine on smae or another browser. E.g. If user1 has logged in from IE then user2 should not login from Firefox or Chrome etc.. I need ONLY ONE USER ACCESS AT SAME TIME ON SAME MACHINE (On Same or Other broswers) Regards Jagdeep Singh On Fri, May 14, 2010 at 1:26 PM, Peter Lind <peter.e.lind(a)gmail.com> wrote: > On 14 May 2010 09:29, Lester Caine <lester(a)lsces.co.uk> wrote: > > Jagdeep Singh wrote: > >> > >> Hi All! > >> > >> I am looking for a solution, I want a user to do a single Login only on > a > >> PC > >> . > >> > >> E.g. If a User has logged on my website website.com in Internet > explorer, > >> then he cant login on same website in another browser like Firefox etc > >> with > >> same loginid or another. > >> > >> Can I trace MAC address of a single machine to solve this issue? > > > > The browser IP address works for us quite reliably. Once logged in, you > get > > a message saying already logged on ... and where ... but it does need a > > little help if the user closes the browser without logging out. One needs > a > > facility to 'bounce' a user now and again .... however some remote users > may > > well have 'floating' IP addresses :( > > > > Don't rely on IP addresses staying the same for a user, it's not safe > in any way and not needed anyway. Karls method is probably the best > bet - just remember to record "last accessed time" so anyone not > accessing for more than 15-20 minutes will succeed if trying to log in > again. > > Regards > Peter > > -- > <hype> > WWW: http://plphp.dk / http://plind.dk > LinkedIn: http://www.linkedin.com/in/plind > Flickr: http://www.flickr.com/photos/fake51 > BeWelcome: Fake51 > Couchsurfing: Fake51 > </hype> >
From: Floyd Resler on 14 May 2010 09:01
On May 14, 2010, at 3:18 AM, Jagdeep Singh wrote: > Hi All! > > I am looking for a solution, I want a user to do a single Login only on a PC > . > > E.g. If a User has logged on my website website.com in Internet explorer, > then he cant login on same website in another browser like Firefox etc with > same loginid or another. > > Can I trace MAC address of a single machine to solve this issue? > > Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will > work for all browsers in a single machine.. > > I hope You will help me out > > > Regards > > Jagdeep Singh > +91 9988009272 If you store sessions in a MySQL table you could access that table to see if the user is still logged in and when the last time the session data was updated. Take care, Floyd |