I'm trying to forbid multiple logins by the same user at the same time to my CakePHP (1.2) driven site. However, that's not as easy as I thought since I have no idea how to get the information if a user is already logged in or not.
I'm using Cake's Auth-component to authenticate users. The sessions are handled by the PHP installation and PHP stores the session data in files. So I guess it is not possible to access the session data from a controller (for, of course, these files aren't saved in the webroot). I thought about checking if a user is logged in or not by using a special database field but there is no way to find out if a user is logged out or not if he doesn't use the logout-method but simply closes his browser and so ends the session.
Can anyone think of another way to manage that? I don't need to know all data about every logged in user. The only thing I need to know is if the given username is logged in at the moment.
Thanks in advance.
I think CakePHP will have this behaviour automatically if you set Security.level to high in your core config file, as it regenerates the session ID each time.
Configure::write('Security.level', 'high');
Alternatively, the logic behind it is that you could save a hash of the user's IP/User Agent in the user table when they log in, and if a computer with a different hash to the one you have saved tries to do something, log out the user. This way only the latest user will work.
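The check described in the answer above, as an added example in plain PHP 7+ (not code from the original post or from CakePHP). It goes one step beyond the answer by mixing a random per-login token into the hash, because two clients with the same IP and User-Agent would otherwise produce the same value; the `$users` array stands in for the users table, and the column name `login_binding` and all function names are hypothetical.

```php
<?php
// Added example: "latest login wins" check. $users stands in for the users
// table; the column name login_binding is hypothetical.

// Value stored at login: hash of a random per-login token plus IP and User-Agent.
function loginBinding($token, $ip, $userAgent) {
    return hash('sha256', $token . '|' . $ip . '|' . $userAgent);
}

// Call after successful authentication. Overwrites any earlier binding, so the
// previous session of this user stops matching. Returns the token that the
// caller keeps in the new session.
function registerLogin(array &$users, $username, $ip, $userAgent) {
    $token = bin2hex(random_bytes(16));
    $users[$username]['login_binding'] = loginBinding($token, $ip, $userAgent);
    return $token;
}

// Call on every request (for instance from a controller's beforeFilter).
// False means this session was superseded and should be logged out.
function isCurrentLogin(array $users, $username, $token, $ip, $userAgent) {
    if (!isset($users[$username]['login_binding'])) {
        return false;
    }
    // Constant-time comparison of the stored and recomputed binding.
    return hash_equals($users[$username]['login_binding'],
                       loginBinding($token, $ip, $userAgent));
}

// Constructed sample data: two browsers logging in to the same account.
$users = array('alice' => array());
$uaA = 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0';
$uaB = 'Mozilla/5.0 (Windows NT 10.0) Chrome/120.0';

// First browser logs in and makes a request.
$tokenA = registerLogin($users, 'alice', '192.0.2.10', $uaA);
var_dump(isCurrentLogin($users, 'alice', $tokenA, '192.0.2.10', $uaA));

// Second browser logs in; re-check the first session, then the second.
$tokenB = registerLogin($users, 'alice', '198.51.100.7', $uaB);
var_dump(isCurrentLogin($users, 'alice', $tokenA, '192.0.2.10', $uaA));
var_dump(isCurrentLogin($users, 'alice', $tokenB, '198.51.100.7', $uaB));
```

Because the binding is overwritten at each login, a user who closes the browser without logging out is not locked out: the next login simply replaces the stale value.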