I have a php authentication script that checks against a MySQl database (shopping cart DB...so I can't change or add anything to it) for login info. Upon a correct login, a session is started. Is there anyway to limit the authentication to one username at a time? So that when user1 logs in...and someone else tries to use user1's username and password to access the page as well, it doesn't authenticate, or start the session. I should add that the session ends when the browser closes...so no cookies. I'm trying to authenticate people to a subscription to a college sports play-by-play audio stream. Games can be 3 1/2 hours...makes it hard to log someone out without their interaction. Thanks. Brian
Sure, if you save the session to the database, you should just store the loginname associated with this session as field in the DB, in case you can already associate it. When you check the logincredentials then, you just do a lookup in your database if the username already exists.
Ok...but how do you write the username to the db and then remove it when they close the browser. Thanks. Brian
You write the username to the DB directly after the authentication process. The "how" depends on your implementiation. The Sessions in the DB should be removed by a garbage process. You do not remove the Session / Username when the browser closes, cause no browser sends any "signal" to a serverbased app. So the only way to do it is to use cookies. The cookie is set though the it disappears on closing the browser. The cookie itself holds the session id. that's it.
