spdaza
Posts: 17
|
| Posted: 03/15/2007, 8:24 AM |
|
Hi.
I have an application working fine; but i havenīt been able to restrict the acces of an user wich is in session. If an user alpha enters into the application, and a few seconds later from other computer another person log with the same user alpha, he could do it without problem, that musnīt be allow, but i donīt know how to avoid the acces of second user.
Any Idea ??
Thanks
|
 |
 |
CCT
Posts: 44
|
| Posted: 03/15/2007, 8:45 AM |
|
You can implement some additional user sessions tracking.
I'd create a table in DB like this
CREATE user_activity {
user_id INTEGER,
user_last_active DATETIME
}
After this I would update user_last_active every time when logged in user visits any page (it can be done in Common file). In login action I would check if there is already active user (e.g. NOW() - user_last_active < 5 min) with that login then deny it. Also don't forget to delete user from user_activity table in Logout action.
_________________
Get more CodeCharge Studio builders at http://codechargetools.com |
|
|
|
CCT
Posts: 44
|
| Posted: 03/15/2007, 9:00 AM |
|
Another idea, maybe a bit more complicated and language specific.
I see the same post from you in PHP forum and assume you use PHP.
You could use "session_set_save_handler" function to override default session saving in PHP and store session data in database for example. Thus you will be able to scan all your currently active PHP sessions and determine if user is already logged in.
You can still try to get that session information from regular PHP session storage (filesystem), but there can be problems accessing your "session.save_path" folder due to access restrictions, data in sessions can be decoded with session_decode function.
_________________
Get more CodeCharge Studio builders at http://codechargetools.com |
|
|
|
spdaza
Posts: 17
|
| Posted: 03/15/2007, 9:15 AM |
|
can you explain me a little more of this second idea, the first is not usefull at all , because not all users use the log out button. i need to use something more complex,
thanks
|
|
|
|
CCT
Posts: 44
|
| Posted: 03/16/2007, 6:05 AM |
|
In first example you can specify your session timeout by yourself, so logging out every time isn't necessary.
Second example is basically the same, but you rely on PHP's sessions and their timeout period.
_________________
Get more CodeCharge Studio builders at http://codechargetools.com |
|
|
|
|
