Limit PHP Session Authentication

Discussion in 'Programming/Scripts' started by bschultz, Jun 13, 2007.

  1. bschultz

    bschultz Member

    I have a php authentication script that checks against a MySQl database (shopping cart I can't change or add anything to it) for login info. Upon a correct login, a session is started. Is there anyway to limit the authentication to one username at a time? So that when user1 logs in...and someone else tries to use user1's username and password to access the page as well, it doesn't authenticate, or start the session.

    I should add that the session ends when the browser no cookies. I'm trying to authenticate people to a subscription to a college sports play-by-play audio stream. Games can be 3 1/2 hours...makes it hard to log someone out without their interaction. Thanks.

    Last edited: Jun 13, 2007
  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    Sure, if you save the session to the database, you should just store the loginname associated with this session as field in the DB, in case you can already associate it.
    When you check the logincredentials then, you just do a lookup in your database if the username already exists.
  3. bschultz

    bschultz Member

    Ok...but how do you write the username to the db and then remove it when they close the browser. Thanks.

  4. Ben

    Ben ISPConfig Developer ISPConfig Developer

    You write the username to the DB directly after the authentication process. The "how" depends on your implementiation.

    The Sessions in the DB should be removed by a garbage process.

    You do not remove the Session / Username when the browser closes, cause no browser sends any "signal" to a serverbased app. So the only way to do it is to use cookies. The cookie is set though the it disappears on closing the browser. The cookie itself holds the session id. that's it.

Share This Page