On Tue, 2 Nov 2004 15:02:11 +0200 (IST), Gabor Szabo <suppressed> wrote:
> The problem arises when I want to add further information to the
> "sessions" table. I'd like to be able to control how many times each user
> is logged on at the same time. (Usually that will be <= 1 as we don't
> want clients to use the same login information from multiple locations).
What I would do in this case is use the username as the session ID.
This will work if your sessions are only used for logged in users. It
will allow you to find the session that belongs to a specific logged
in user, and guarantees that there will ever only be one session per
user.
If you want to restrict access to one computer, then place the IP
address of the user in the session and compare that on subsequent
requests (not totally secure, but usually good enough). You could
probably come up with some other info to put in the session to
identify the computer (even a second cookie with a unique ID that is
stored in the session would do).
Cheers,
--
Cees Hek
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.