Simultaneous database login - efficiency

Asked

Viewed 39 times

1

Hello!

To prohibit simultaneous login of the same user in a local PHP system, where it will have a maximum of 50 long-term users (initially between 15 and 20), I created a table in the database, where data from a session is inserted each time the user logs in the columns (id,id_user,created), and the system checks whether there is any active with the user ID. If you find it is redirected to a page where you can choose to destroy all sessions or keep the session active, in which in both cases you return to the login page, where in the first option you pass a logout page before deleting record in the database (deleting record in the database, which upon a new request of the "old" user will also be redirected to login page. Updating the page does not drop it), and in the second nothing happens (only redirecting and keeping record of the old user’s session). I also made the HTML5 tag redirect in case of inactivity by 1hr.

One of the things I confess that I am bothered about is the fact that every page request has to be searched for the database to know if the session is active, making an instantiation for each request, I’m afraid that affects the performance...

1 - I would like to know if you find this solution efficient for a local system?

2 - I realized that SQL, with each new insertion in the BD even if there is no record in the table, it increments the id of the session from where it stopped in the previous insertion... I know that the type INT has a limit, when it is reached it will increase again from 1 or I will have to change type?

php sql login

1 answer

0

To validate if there are no multiple accesses with the same user, just check in the login if the user already has an open session, if any treat as it already does, otherwise access normally. The user has no way to access other pages without going through the login, so you don’t need to check every request, only in the login.

Now the INT field stores up to 2,147,483,647, by the amount of users using the system, you can rest assured that it supports. But do an account to validate.

Amount of daily logins. Ex.: 50 usuarios x 100 logins = 5.000, I find this amount of logins a lot, but I’m exaggerating a lot. The INT goes up to 2,147,483,647 so 2.147.483.647/5000 = 429.496 dias and 429.496 / 365 = 1.176 anos. Change the access values to the real ones and see how long it would take you to fill them all.

Note: This account is to illustrate how big the INT value is, but other factors may influence the choice of type.

  • Thanks for the tip! Obs.: I noticed that when I turn it off and no session is active, it will re-enter ID 1 again! With respect to checking each request the logic is as follows: check the login to see if it has active session for the user, if yes redirects to drop or keep old session, and every page request to see if it has active session (comparing login and session id) so that it can not continue browsing normally after "tipped", and there will be another session with your login, which will give true, but for consulting the session ID will be F

Browser other questions tagged php sql login

You are not signed in. Login or sign up in order to post.