Hi folks, not after language advice in particular, just logic advice.
We have a few subscription-based web sites that clients use, and my boss has decided that we need to enforce only allowing a user to log in once at any time, so that no user's login can be used on different machines at the same time.
I'm struggling to get my head around how to implement this, especially as we use session variables to store the user's ID, and of course this can time out. It took me a while to explain to my boss that when a session variable times out there is no event triggered on the server, so in effect someone could try to log in again and the site could refuse, saying they're already logged in. He seemed to think the server would know the session had timed out and could flag them as logged out in the DB.
Is there any sort of unique identifier that the page can pick up and store in the database so at least we can see some evidence of the returning user being the same? IP address can't be used because some of these people work from home and it's doubtful they'd have a static IP, and of course then there are users that are behind a router.
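One way to approach the problem posed above, as an added example that is not part of the original post: the server issues its own random token at login, stores it against the user, and compares it on every request, with the idle timeout worked out from a stored last-seen time rather than from a session-expiry event. The class name, the `IDLE_TIMEOUT` value and the in-memory dict standing in for a database table are all assumptions made for illustration.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value, match the site's session timeout


class SingleSessionRegistry:
    """In-memory stand-in for a DB table: user_id -> (token, last_seen)."""

    def __init__(self, takeover=True):
        # takeover=True: a new login replaces the old session.
        # takeover=False: a new login is refused while the old one is live.
        self.takeover = takeover
        self.active = {}

    def _is_live(self, user_id, now):
        # Expiry is computed lazily from last_seen; no timeout event is needed.
        entry = self.active.get(user_id)
        return entry is not None and now - entry[1] < IDLE_TIMEOUT

    def login(self, user_id, now=None):
        """Call after the password check. Returns a token, or None if refused."""
        now = time.time() if now is None else now
        if not self.takeover and self._is_live(user_id, now):
            return None
        token = secrets.token_urlsafe(32)  # random, not derived from IP or browser
        self.active[user_id] = (token, now)
        return token

    def check_request(self, user_id, token, now=None):
        """Call on every request with the token kept in the user's session."""
        now = time.time() if now is None else now
        if not self._is_live(user_id, now):
            self.active.pop(user_id, None)  # idle too long: treat as logged out
            return False
        current, _ = self.active[user_id]
        if not hmac.compare_digest(current.encode(), token.encode()):
            return False  # a newer login elsewhere replaced this session
        self.active[user_id] = (current, now)  # sliding idle window
        return True

    def logout(self, user_id, token):
        entry = self.active.get(user_id)
        if entry and hmac.compare_digest(entry[0].encode(), token.encode()):
            del self.active[user_id]
```

With `takeover=True` the legitimate user is never locked out by a stale session, because the older session simply fails its next request; with `takeover=False` the lockout lasts at most one idle window.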