-1

I currently differentiate users with $_SESSION[id]. But it has come to my attention that some users are sharing login details on multiple devices simultaneously. Which can cause problems on the system. If I can find a way to identify these identical session values and then differentiate them, I could solve this problem. Is there some way to get a unique code for every device? Any ideas much appreciated. Thank you.

George
  • 36,413
  • 9
  • 66
  • 103
user2014429
  • 2,497
  • 10
  • 35
  • 49
  • 1
    You can assign a random token when user authenticates. It will be different even if the same user is logged in twice. – Guillaume Poussel Oct 15 '13 at 18:10
  • Same rules apply for logged-in users: http://stackoverflow.com/questions/3940179/detecting-a-unique-anonymous-user – Diodeus - James MacFarlane Oct 15 '13 at 18:12
  • What kind of problems are you encountering? – deceze Oct 15 '13 at 18:16
  • Maybe the session is being prematurely recreated..? The session *should only be created if it does not already exist* or is expired and it *should not share any data with any other session*. Since *the session cookie/token is (or should be) a nonce*, then it implicitly creates a data isolation barrier between all sessions. – user2864740 Oct 15 '13 at 18:16

1 Answers1

0

You session ID is effectively a unique code for each connected client since it's a unique cookie value stored in the browser. You could, if it's a valid requirement, limit users to only one valid session and block all other login attempts.

Matt S
  • 14,976
  • 6
  • 57
  • 76