Is there a way that I can prevent a user from logging into a system from different machines at the same time?
Thank you
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there a way that I can prevent a user from logging into a system from different machines at the same time?
Thank you
The problem with all these solutions based on IP address is that if a user is behind a proxy server that routes their request via multiple IP addresses, this may fail in a way that means the user cannot remain logged in.
What you can do instead is just, when any user logs in, give them a new session token and expire all previous session tokens belonging to the same user.
This would require you keeping a table of all valid session tokens and which user they’re associated with. Note that the built-in session handling of PHP is unlikely to be able to do this without much modification.