php session management

Question

Hello All,

I am developing a system in php which has different types of users like admin, A, B, C.

I need to allow log in just one user from the type at a time. Means 1) if there is already an admin user is logged in, no other admin user can log in. 2) And the logged in credentials cannot be used on other pc at the same time (just like yahoo messenger login system).

I have tried to store session with login logout time in database table when someone login and logout. But it creates problem when someone close the browser without logging out, the logout entry time misses.

Answer 1

You can always set the session expiration time extremely short (say 60 seconds) and use a Ajax postback on each page timed out at say 25 seconds to keep the session alive. This is how Facebook knows if you are "online" for their facebook IM

Answer 2

1) if there is already an admin user is logged in, no other admin user can log in.

If you want to stop multiple logins from same system then set a session flag like $_SESSION['loggedin']=true; while a successful log in occurs, then before each login attempt, check this flag and only when the flag is falseproceed with the login process.

If you want to stop multiple logins from multiple system then create a temporary table in your database to hold the status of your logged-in users and before any login attempts occur check this table to find any logged in user, if you dont find any user then only proceed, or else prompt the user

2) And the logged in credentials cannot be used on other pc at the same time (just like yahoo messenger login system).

create a temporary table in your database, which will hold the status of your all logged in users, then when a user who is already logged-in, attempts to log in from another place, check the status of that userid in your temporary table, if he is already found logged-in then either prompt him or deny him or log him off from other computer before logging him in again.