2
Hello I wanted to know how to disconnect a user if he enters another account in the same browser with the same IP, PHP use Séssion, if you can help me thank you so much!! Because the user can log in to as many accounts as he wants.
1 answer
3
I believe that the best thing to do would be to store and query the database to check if there was no connection to another account.
For example:
When connect is created this:
$_SESSION['conectado'] = true;
$_SESSION['id'] = '1';
$_SESSION['confirmado'] = time();
When you access another page (and make a request by ajax, at last!):
if($_SESSION['confirmado'] < (time() - 300)){
$query = mysqli_query('SELECT EValido FROM usuario WHERE id = "'.$_SESSION['id'].'"');
$valido = mysqli_fetch_all($query);
if($valido[0] === '1'){
mysqli_query('UPDATE usuario SET EValido = 0 WHERE id != "'.$_SESSION['id'].'" AND ip = "'.$ip.'"');
$_SESSION['confirmado'] = time();
}else{
// Não está conectado!
session_destroy();
}
}
That’s just one example!
This will cause the server in some situations to check whether it is valid or not, by doing the session_destroy if it returns that it is valid. Such verification would be done after 5 minutes after last.
To update the value of EValido from the database you should check the IP (in this case) and compare with others already connected, so if another user with the same IP connect the old will be disconnected.
ATTENTION:
Public, open, and shared networks cause the same IP to be used for multiple devices and users. Therefore, disconnecting users just because they have the same IP can be a big mistake and inconvenience for multiple users, see if this is really necessary! In addition there are people who may own two internet providers, often using load, so the two Ips can be alternated with each request, which can cause constant disconnection!
To make matters worse, there is a shortage of Ipv4. Such scarcity means that several people, from the same provider, can own the same IP! This is due to the use of CGNAT. Is there including there is a video about it created by NIC.br and there is also a post, with a supposed solution! Honestly, I do not know much information about Ipv6, but in December 2015 the use of Ipv6 was ~6.42%, do not expect that the use of Ipv6 has expanded so fast. This only considering Brazil.
Browser other questions tagged php session
You are not signed in. Login or sign up in order to post.
If you simply store the ID of the logged-in user on Session, there is no way that this is happening because when you reconnect, the previous ID is overwritten. The problem is in the current architecture of your code. Great chance that any attempt to get around the situation will be worse than fixing the problem in the right place. Now, if you want the user not to connect in different browsers, or in a private tab, the problem is another (and any attempt to resolve may affect users who share the same IP). The ideal remains to solve in architecture instead of patching.
– Bacco