Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Prevent multi-session

Status
Not open for further replies.
tcardoso

tcardoso

Programmer
Joined
Jan 31, 2005
Messages
56
Location
PT
Hi,

I want to catch multi-session and logout who makes it. Like if you are working on a Firefox browser and if you login on a IE browser, the first session has to be disabled. Same thing on tabs on firefox, etc...

Only one window session active! How can I do it?

Thanks
 
Sort by date Sort by votes
sniff the IP? other than that, i can't see a way for you to identify a particular session as belonging to a particular client.

unless you require all users to login to your application?
 
Upvote 0 Downvote
Yes. They are all login. Its with SESSION ID, but I don't know how!
 
Upvote 0 Downvote
just keep a log of each sessionID issued against each login.
 
Upvote 0 Downvote
how can I do it. I'm a JAVA programmer, not much of a PHP one :)
 
Upvote 0 Downvote
the logic is the same in java as it is in any other language

Code: 
//assume that the login is now valid and that userid is stored in $userid

$sql = "Select sessionID from sessionTable where userid = '$userid'";
$result = mysql_query($sql) or die ('query error. '.mysql_error());
if (mysql_num_rows() > 0) {
 $sessionID = mysql_result($result, 0, 0);
 session_id($sessionID); //set the session ID for this session
 session_start();
} else {
 session_start();
//update the database
 $sessionID = session_id();
 $sql = "insert into sessionTable set sessionID = '$sessionID', userID = '$userID'";
mysql_query($sql) or die (mysql_error());
}  // close the if

if you must start the session before this code (inadvisable) then use session_regenerate_id() instead of session_start(). i am not certain that this will work in the event that you have already started browser output but you could try.

additionally this might all be neater if you stored your session data in a database. here is some code that i wrote a couple of years ago to do this. insert the code in a separate file and require() the file in every page that you want sessions.

Code: 
<?
define("SESSION_TABLE", "");	//the table your session data will be stored in
define("SESSION_LIFETIME",ini_get("session.gc_maxlifetime"));	//the lifetime 
define("HOSTNAME", "");			//the hostname of your db server
define("DBUSERNAME","");		//the user for db access
define("DBPASSWORD","");		//user password
define("DATABASE","");			//the database used for session storage
$sess_dbc= "";

function session_open ($save_path, $session_name) {
	global $sess_dbc;
	$sess_dbc = mysql_pconnect(HOSTNAME, DBUSERNAME, DBPASSWORD);
	$sess_db = mysql_select_db(DATABASE, $sess_dbc);
	return (true);
}
function session_close () {
	//nothing to do
	return true;
}
function session_read ($session_id) {
	global $sess_dbc;
     $sql = "
	 		SELECT 
				session_values
			FROM ".
				SESSION_TABLE ." 
			WHERE 
				session_key = '$session_id' ";
				
     $result = mysql_query($sql, $sess_dbc);
	 if(mysql_num_rows($result) > 0):
	 	//session exists
		extract ($row);
		return mysql_result($result,0,0);		
	 else:
	 	return "";
	 endif;
}
function session_write($session_id, $values) {
	global $sess_dbc;
	$session_expiry = time() + SESSION_LIFETIME;
	$values = mysql_escape_string($values);
	$sql = "
		Replace 
		into ".SESSION_TABLE." 
		set
			session_expire = '$session_expiry'
			session_key = '$session_id'
			session_values = '".mysql_escape_string($values)."'";
  	$res = mysql_query($sql, $sess_dbc);
	return $res;
}
function session__destroy($session_id){ //note double underscore
  global $sess_dbc;
  $res = mysql_query("
  	Delete
	from ".SESSION_TABLE ." 
	where
		session_key = '$session_id'
	", $sess_dbc);
   return ($res);
}
function session_garbage_collection($lifetime) {
  global $sess_dbc;
  $res = mysql_query("
  	Delete
	from ".SESSION_TABLE ." 
	where
		session_expiry < '".time() ."'",
    $sess_dbc);
   return mysql_affected_rows($sess_dbc);
}

session_set_save_handler(
			"session_open", 
			"session_close", 
			"session_read", 
			"session_write", 
			"session__destroy", 
			"session_garbage_collection");
			
session_start();
?>

the sql for the database looks like this, although in your case you would probably want to add a userID field and perhaps also a timestamp. note that these field names correspond ok with the example for sessions in a database given above but do not correlate with my proposed answer to your question. you will need to interpret and change the table names/field names accordingly.

Code: 
CREATE TABLE db_sessions (
          session_key		varchar(32)				NOT NULL default '',
          session_expire 	int(10) 	unsigned 	NOT NULL default '0',
          session_values 	text 					NOT NULL,
          PRIMARY KEY  (session_key)
     );
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Wand850
  • Locked
  • Question Question
Parsing XML with multiple namespaces using PHP
Replies
3
Views
546
spamjim
spamjim
waubain
  • Locked
  • Question Question
Convert Indexed Multidimensional Array to Multidimensional Array with Key Value pair
Replies
2
Views
557
waubain
waubain
southbeach
  • Locked
  • Question Question
Haunted by vanishing session
Replies
4
Views
415
southbeach
southbeach
waubain
  • Locked
  • Question Question
Conditional search on multidimensional array
Replies
1
Views
290
waubain
waubain
Marine1969
  • Locked
  • Question Question
Displaying Multidimensional Array
Replies
8
Views
541
Marine1969
Marine1969

Part and Inventory Search

Sponsor

Back
Top