Re: [Phplib-users] One User logged in at the same time...

[darcy w. c. <da...@el...>]

No, you are right.  i was being sloppy.  in fact, what was i thinking?

still, there might be a way.  If you added a timestamp to your session
and make sure the timestamp is updated everytime the user continues in a
state of authentication, it would be possible to know if a user is
logged on beyond the authentication timeout.  i've built in a javascript
refresh into my site, so that the page is refreshed after the
authentication timeout, just to force a logout.

question:  how and when are session records removed?

Jens Benecke wrote:
> 
> On Tue, Nov 06, 2001 at 02:40:22PM -0500, darcy w. christ wrote:
> 
> > i have not done this, but it's certainly possible.  One thing you could
> > do is create a new table for logging who has been authenticated.  i have
> > done this by adding this function to my auth class.
> >  (...)
> > But if you did this where the user is being authenticated and you put the
> > last_insert_id() into the table, you would be able check both the session
> > table and this auth log table for someone logged in.  Does that make
> > sense?
> 
> I don't think this works as advertised. How do you know when a user logs
> off? That's the whole problem. You can of course keep a log of all logged
> in users, but this doesn't help if you don't know when users
> 
>         - go to another site (i.e. log off, practically speaking)
>         - close their browser window (i.e. log off)
>         - computer crashes (i.e. they loose session cookie anyway)
>         - etc.
> 
> so you don't know when to allow a second user in.
> 
> Or did I miss the point?


-- 
~darcy w. christ
Elegant Communications Inc.
416.362.9772 x222 | 416.362.8324 fax