tags:

views:

275

answers:

5
+2  Q: 

Limit client to visit a website with 1 tab and 1 browser?

I would like to do something like play.clubpenguin.com.

What it does is that, when you visit the site, maybe using firefox or IE, if you opened a new tab or use other browser, when you visit that site again, it will show something like: "Please close the other browser that opened this page" or something like that.

How to do this? (Its client's request)

More information: The site is Flash site

EDIT:

Ok, i think this is a tough question, well, in general, Can this be done using php, mysql and JS?

A: 

A few options spring to mind...

  1. When they first open the site, you'd need to store the user's current state in a cookie or similar, which you'd check for every time you open the site. If the state is Active, then it means they have another window open. The problem in ensuring that the state is cleared when they leave the original site window - you'd need to listen for the window.onunload event, and clear the state at that point - but you can't 100% guarantee this will happen.
  2. Otherwise, you could place a script on the site which pings a server script every n seconds, notifying the server there is a window open for that client, and prevent new windows being opened until there is a lapse in pings.
  3. To get more complex, you could maintain a persistent connection between the server and client (via sockets or similar), which would keep note of the same. Less calls from the client, a bit more complex to set up. See http://www.kirupa.com/developer/flash8/php5sockets%5Fflash8.htm for basic info on flash + sockets.
  4. Given you're working with Flash, you could look into Local Shared Objects (flash cookies) to store the state. Still possible to miss the unload event, but at least the cookie is persisted across all browser sessions and browser types.

Option 3 is the best IMHO.

Marcus  2009-12-04 07:39:13
1. I guess won't work across multiple browsers on the client machine.
Shailesh Kumar  2009-12-04 07:47:49
I though of using cookies as well, but then I also found some problems if using it. Your 3rd option sounds best, but I really no idea how to start, I mean implement it. Could you be more specific on 3rd option??
webdever  2009-12-04 07:49:57
@Kumar: Do you have any better solution?
webdever  2009-12-04 08:02:17
@webdever - If you're working with Flash and PHP, then you'd likely want to look into a PHP sockets server. See http://www.kirupa.com/developer/flash8/php5sockets_flash8.htm for an example of how persistent connections work.
Marcus  2009-12-04 09:50:06
Thanks for the update. I am reading it now
webdever  2009-12-04 09:56:48
local shared objects cant be deleted, although its a bit different from deleting normal cookies. Will it still be reliable??
webdever  2009-12-04 11:17:57
Sorry, I mean "local shared objects/ flash cookies, can be deleted"
webdever  2009-12-04 11:18:29
A: 

From a user perspective, I'm asking myself WHY would you want to restrict the abilities of your users?
Why would you want to take their freedom away?

Didier Trosset  2009-12-04 08:28:08
Ok, this is just an example: Like club penguin, if you allow multi browser login, you can earn money in cheating way, let say. You login as user A and B. A and B go to multiplayer game room, User A stand there do nothing to let user B earn money. Well, this is just 1 of the examples. And moreover, THIS IS NOT MY IDEA, "ITS A CLIENT's REQUEST", i put that that SENTENCE in my question as well. IF YOU DONT HAVE AN ANSWER, DONT REPLY IN ANSWER FIELD, REPLY IN COMMENT.
webdever  2009-12-04 08:34:05
Sorry for the caps. I am struggling and trying hard to solve this problem now.
webdever  2009-12-04 08:36:58
Yes, this is a client request. But thinking a bit further then, how would you prevent someone to do this from two computers? This is no so uncommon given how easy it is nowedays to create multiple virtual machines? They can even have different IP addresses ...
Didier Trosset  2009-12-04 08:47:50
You mean, can be done using php, mysql and js?? Could you be more specific, like how and what methods etc? Yeah, we cant 100% prevent it, all we can do is to Minimize it.
webdever  2009-12-04 08:53:21
A: 

If you want to forbid access with 2 different logins, you can enforce a rule that lock on a given resource.

The client IP could be one of this lockable ressource: only one session allowed for one given IP address. That would reduce the cheating to people that have multiple public IP addresses. People that shares public IP through proxy would have problem.

I don't see what other lockable resource you can use easily.

DomreiRoam  2009-12-04 08:52:32
Yeah, I should proposed this idea to my client. Bcuz they want to model like what clubpenguin does, i.e when you enter the page, not even login page, they will prompt you the message and ask you to close any browser/tabs that open it.
webdever  2009-12-04 08:58:23
What about people behind firewalls, where all appear under the same external IP address?
Marcus  2009-12-04 10:30:50
Oh yeah... Almost forgot about this. IPs are not very reliable..
webdever  2009-12-04 11:14:51
+4  A: 

Each time you serve the flash page to the user, generate a random token. Embed this token somewhere in the page, for example as a flashVar. Also, store the most recently generated token in the user's session.

Whenever the flash posts something back to the server, post the token as well. If the token does not match the token stored in the session, reject the post.

That way, only the most recently generated version of the page will have the ability to communicate with the server and if the user opens multiple versions of the page only the most recent will work.

This technique should work even if the user opens extra browsers on other machines. It doesn't use IP addresses to establish identity. And there is no chance that a user will somehow be 'locked out' permanently because every time they open the page again you reset the stored token.

It's a similar idea to the way some frameworks insert a validation token into forms to prevent Cross-site Request Forgery attacks.

ctford  2009-12-04 12:43:19
A: 

Solution:

Response your clients request with a NO, because you are the webdesign guru that knows what's the best for the client's visitors. the website doens't have to appeal to your client but the client's visitors. and when they are limited so hard on their own computers they are everything but satisfied.

Labuschin  2009-12-04 16:39:22
-1: "This is is not useful"
Ian Boyd  2009-12-17 15:09:40

related questions

Make Browser Window Blink in Task Bar
Large File Download
Browser's Default CSS
Disable browser 'Save Password' functionality
What's the simplest way to decremement a date in Javascript by 1 day?
Browser scrollbar
Limitations of screen readers.
Version detection with Silverlight
Best way to fix CSS/JS drop-down problem in IE7 when page includes Google Map
Recommendations for browser add-on tools to help with development
Hyperlinks displaced on IE7
Building Standalone Applications in JavaScript
HTML differences between browsers
Browser Sync accross many machines
Getting selected text in a browser, cross-platform.
How to get PNG transparency working in browsers that don't natively support it?
Best WYSIWYG CSS editor?
Javascript events
Preferred way to use favicons?
IE6: To support or not to support.
Getting the text from a drop-down box
Other browsers
Drag and Drop to a hosted Browser control
How can I tell if a web client is blocking ads?
How can I determine a web user's time zone?