Allowing only one user identity at a time


I was wondering if there was a simple way to allow only one user identity at a time?

By this I mean if a user is logged in from a first computer and tries to log in from another one, he will be logged out from the first one.

I tried to call a logout() before performing login() in the authenticate() function of the LoginForm model, but I get redirected to the home URL instead of being logged in.

Thanks for your help!

You would probably have to store each authenticated session in the database and invalidate it when the user logs on from another computer.

Before each request you’ll have to check if the session is still valid.

I tried to add a row corresponding to the user id in the session table generated by CDbHttpSession, but it seems to be a problem for the class because it does not log in any more.

In fact, I don’t really see where I have to insert the user id in the session table, is it directly in the session class, the user identity one, the actionLogin() function, …?

I would just create a table called authenticated_sessions with the columns session_id and user_id.

Whenever someone logs in, you add that to the table and delete any other rows with that user_id.

Whenever a logged-in user loads a page, you check that table to see if there is a record matching the session_id and user_id.

If not, you log the user out.

There is probably a simpler way to do this, but this is my best shot.
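
The table-based approach described in the last reply, as an added example that is not part of any post in this thread: plain PHP with PDO rather than Yii's own classes. It assumes PHP 7.1+ with the pdo_sqlite extension; the function names and the choice of user_id as primary key are hypothetical.

```php
<?php
// Table and column names follow the thread; function names are hypothetical.
function createSchema(PDO $db): void
{
    // Assumption: user_id is the primary key, so one row per user at most.
    $db->exec('CREATE TABLE authenticated_sessions (
        user_id INTEGER PRIMARY KEY, session_id TEXT NOT NULL)');
}

// After a successful login: drop the user's earlier session, record the new one.
function registerLogin(PDO $db, int $userId, string $sessionId): void
{
    $db->beginTransaction();
    try {
        $db->prepare('DELETE FROM authenticated_sessions WHERE user_id = ?')->execute([$userId]);
        $db->prepare('INSERT INTO authenticated_sessions (user_id, session_id) VALUES (?, ?)')
           ->execute([$userId, $sessionId]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Before each authenticated request: false means this client must be logged out.
function isCurrentSession(PDO $db, int $userId, string $sessionId): bool
{
    $stmt = $db->prepare('SELECT session_id FROM authenticated_sessions WHERE user_id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn(); // false when the user has no row
    return is_string($stored) && hash_equals($stored, $sessionId);
}

// On logout: delete only this client's own row, so a displaced client logging
// out cannot remove the session that replaced it.
function registerLogout(PDO $db, int $userId, string $sessionId): void
{
    $db->prepare('DELETE FROM authenticated_sessions WHERE user_id = ? AND session_id = ?')
       ->execute([$userId, $sessionId]);
}

// Constructed walk-through: the same user logs in from two computers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
registerLogin($db, 42, 'constructed-session-A');
registerLogin($db, 42, 'constructed-session-B');
var_dump(isCurrentSession($db, 42, 'constructed-session-A'));
var_dump(isCurrentSession($db, 42, 'constructed-session-B'));
```

In a Yii application these calls would go after the successful login and in a check that runs before each request. Pass the session ID as it is after login, since frameworks commonly regenerate it at that point.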