perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Landrum <>
Subject Re: [Newbie Q] Cleanest way to implement one logon per user?
Date Thu, 01 Aug 2002 19:28:05 GMT

On Thu, Aug 01, 2002 at 03:08:40PM -0400, Baljit Sethi wrote:
> Hello.
> I am hoping someone can point me in the right direction.  
> What I want to do is limit client logons to one logon per username ie while
> a client has a session open, he/she cannot logon to the website from another
> terminal.

The problem isn't determining when they've logged in, but determining when 
they've logged out.

While it may be possible to write a record to the db that contains username,
password, and IP address, it does not gaurentee that the user's ip address 
will not change mid session. (cable modem disconnect and reconnects with new ip,
transparent to the user.)

The short answer is, you can't.  The long answer is that you can, but it takes
way more work than it's worth.

The only way I've seen is to set a cookie (encrypted) on the client's machine
and flag the user as logged in.  If the user tries to log in again (from 
anywhere), it rejects it.  Only if the original client connects and clicks
logout (and the cookie still exists) does it actually remove the flag (and
the cookie).

The drawback here is that if any user ever deletes their cookies before
logging out, they're screwed, and will call asking you to fix it.

Good luck,


View raw message