Home/ Questions/Q 6769571
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T15:12:33+00:00

I need a way to prevent a user from logging in on multiple computers

  • 0

I need a way to prevent a user from logging in on multiple computers at the same time.

Currently, when the user logs in, I store the userID in a session variable. At the same time I would like to delete all other sessions with the same userID. Is that possible?

Edit:
I didn’t mention that the solution has to be file based. PHP talks to a web service and isn’t permitted direct database access.

Solution:
Thanks for the all the comments. Here is the finished code:

// When a new session is created
file_put_contents(TEMPDIR."session_".$userid, session_id());

// For each request
if (file_exists(TEMPDIR."session_".$userid) == true) {
    $session_id = file_get_contents(TEMPDIR."session_".$userid);
    if ($session_id != session_id())) { 
        session_destroy();
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Each time a user logs in, you could write session_id() to a file named $user_id.session. Then each time you call session_start() at the top of your script, load the contents of the file and if the id contained in $user_id.session does not equal session_id() then you would call session_destroy() to destroy the old session.

    Alternatively you can (and should) write this same information to a Key-Value Store (KVS) such as Redis or Memcached, or, if you really must, to a database.

    For clarity, I’ve added the following information from the comments:

    I.e. each time you log in (on a new computer) you write a new session_id() to the file, and thus the OLD sessions are expired (if and when they attempt to reload the site) since they no longer match the session_id() in the file.

    • 0