Hi all, I'm using sessions to hold registered user information once they log in. Basically just $_SESSION['username'] = username; Is it possible to test to see, at login, whether a session with that user name is already running on the server where someone might be logged on from another computer? If not, what is the best way to limit the number of times a single username can be active at a time? Thanks in advance for your help.
To keep track of "is logged in" you need to "ping" the user with something like AJAX or just simply do it with every page refresh. You will need to store this information somewhere, not in a session, so that you can access all tracking data independently of the session. Best option is to just use a database, and have some kind of a session table. Whenever you "ping" the user, page refresh or background AJAX call, you know they are logged and and you updated the session table with the current timestamp. With this data in the database, you can always tell who is logged in. You would need to set some kind of a time limit so the "is logged in" actually expires, after 15 min or whatever works for you. You could use a cron job to maintain the session table and delete any expired sessions. That should point you in the right direction
Most applications that I use that prevent logins from multiple locations also track IP and the IP and last active time can be used for your case too. So when someone logs in and that username has already been logged into recently with another IP, you can identify these suspect logins.