0

I want to prevent the same account being logged in in multiple browser sessions. The how has already been answered. For example: How to restrict user to be logged only one time per session? and PHP /SESSION: Login one per user?

These two approaches prevent the user from logging in again. However Gmail (for example) just logs out the old session. With this technique, to me, it doesn't matter that much if it's done "live" with AJAX calls or on the next page refresh.

I would like to know which one is preferred and what are the cons and pros of both?

So again, the choice:

  1. Prevent logging in again in new browser session
  2. Logout the old session (either with AJAX or next request)
Community
  • 1
  • 1
Flip
  • 4,778
  • 1
  • 34
  • 48

2 Answers2

1

Ultimately preventing someone logging in can be a massive headache for users, depending on your session time-out. Consider a user on a latop, battery dies, goes to his desktop and he is unable to login for x amount of time. Same thing could be said for a browser crash.

If you opt to prevent login, you will need someone on call to be able to force users to logout as not to disrupt their work.

It really depends on what the application you building is. There is web base software out there that limits number of logins. For example a crane spec software limits login due to the fact people work for hours on one project. Companies only buy x amount of seats but have > x amount of users. So if they didn’t prevent logins, hours worth of work could be lost due to someone else "stealing the seat"

It's really up to you to decide on which option will work best in your situation.

Rob
  • 409
  • 4
  • 20
-1

For this kind of requirement you need to make a database table when user will login it will be updated with username with ip address of user and when user logout that row will be deleted. Now what you have to do is simply when user login u have to insert a row into table with username and user ip address. When user try to login the same account from different browser firstly check whether that row exists or not if not then let them login or if exist tell them that from ip address this username is already logged in.

Neeraj Kumar
  • 1,058
  • 1
  • 9
  • 22
  • The question was about weighting the cons and pros of two different implementations. I know how to do the actual implementation ... – Flip Dec 02 '13 at 16:18