How to restrict login to 1 active user per session in Apache?

Asked Feb 15 '16 at 21:45

Active Feb 16 '16 at 01:08

Viewed 698 times

I have a small subscription based web site and there are clients that are sharing their logins with others.

I would like to implement a method of allowing only 1 active session per user id.

Limiting based on IP only will not work as users are often behind a proxy with a single ID. It would seem some type of cookie or token per session would be required.

How do large subscription web sites limit abuse of account sharing.

I am running CentOS 6, Using Apache and mysql.

Update:

I would like to implement this within Apache or using a module. The solution of using Ruby is not within the scope, as I have no ruby experience and I am not running Ruby.

Thank you.

edited Feb 16 '16 at 01:08

asked Feb 15 '16 at 21:45

Mike

Apache is the wrong place to attempt do this as it should be stateless--session should not exist in apache. – Ray Feb 15 '16 at 21:49
Possible duplicate of [Devise limit one session per user at a time](http://stackoverflow.com/questions/7068919/devise-limit-one-session-per-user-at-a-time) – Ray Feb 15 '16 at 21:51
Where should this occur? The authenication is done in Apache (.htaccess) password file. – Mike Feb 16 '16 at 01:03

How to restrict login to 1 active user per session in Apache?

0 Answers0