tags:

views:

173

answers:

3
+3  Q: 

prevent multiple login with same login credentials in php

My website has premium videos, for which users have to pay to watch it. I am sending a random user name and password to the user's email id when the payment is completed. Then I want to assure no more than one user use that login credentials simultaneously. For that I use a login_status column in database table with login credentials and change it to 1 when one user login and change to 0 when user log out. But the problem is, if the user close browser or network connection loss may happened will not update database. Then login_status will be 1 undefinitely and no one can use that login credentials again.

Is there any idea to accomplish my task?

+2  A: 

How about you write a timestamp into the database when the user logs in. You might have some logic to periodically update this value if the user is still logged in - for example, the page could make an AJAX request every 5 minutes to update the value or something.

Then, if the value is older than a certain threshold (say, 1 hour) you can allow a duplicate login through - which of course will reset the timestamp and prevent anyone else from accessing.

Justin Ethier  2010-06-02 15:05:53
What if I decide to prevent the AJAX script from executing ? I'll be logged, and can stay logged and watch the videos, just have to wait to log from somewhere else and so on, no ?
Serty Oan  2010-06-02 15:14:32
+1  A: 

Try creating a custom session handler. The right place to store the data is alongside the session information - and you get the benefits of fully automatic garbage collection.

You might also want to combine this with using a cookie with a fixed (but updating) expiry time - so users can resume their session after closing their browsers rather than having to wait for the garbage collection to reap the expired session.

C.

symcbean  2010-06-02 15:06:19
A: 

Periodically (hourly?) go through the database and change all of the login_statuses to 0.

Change it back to 1 when the user uses the site for whatever reason.

That way, no one will be locked out for more than 1 hour at a time.

Christian Mann  2010-06-02 15:07:30

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL