Validate if user has logged elsewhere


Want to validate if a user has logged on elsewhere, don’t know where to start :unsure:

I’m stuck here, if you could please give some guidelines …

Some ideas came into my mind, like store session on database, if this a feasible approach?

To clarify: Do you mean in different geographic places (such as another IP) or on another domain?

Absolutely, the idea is not to allow a single user to have multiple sessions simultaneously

This may help you

You didn’t really answer my question :P

Choose one:

A: Do you mean in different geographic places (such as another IP)?

B: Do you mean on another domain of yours?

I assume you mean A.

You could have a field in your user table with a session id, and update that value on login. In CWebUser::init(), if the user is not a guest ("if (!$this->isGuest)") you can check those two values against each other. If they dont match, log the user out and ask him to log in again.

Thanks you both,

Using this approach, is there a possibility of session id collision?. I mean, how are session IDs generated?

You’re welcome.

I once found a great thread about this at stackoverflow:

Yes, there is a possibility, but it’s very very low. If you care, you can find approaches to make it more unique. You might want to read my link or search for “php sessionid entropy”.

Thank you buddy!!

Now I need to get into this…