Hi guys, please help me. I am doing programs right now using PHP and I am concerned about the security of my program. Can you give me some ideas on how to prevent multiple logins / single login at a time? How can I allow the user to log in from a different PC if he forgot to log out on his computer or the cookies have already expired? Thank you very much for your help.
HTTP is inherently a stateless protocol. This means that a user actually authenticates (logs in) for every request he makes to your website. In practice, statefulness is added to HTTP with cookies, tokens and PHP sessions. Every request to your website is accompanied by a session ID which lets the webserver know which user is making the request. This also allows you to store variables in the "session" that will follow the user around your website. If you store the session ID in your database along with the username, you can identify when another computer with a different session ID logs in as that user. To put this another way, if the same user has two different session IDs in the database, he is using two different computers (or at least, two different browsers). If a user forgets to log out, or his computer crashes, or any one of the other things happens that could cause him to lose his session ID, you should prompt him to log in again and store the new session ID in the database. If two people are using the same login from different computers, this will cause them to continually log each other out.
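The session-ID tracking described in the answer above, as an added PHP example that is not part of the original posts. The table `active_sessions`, the function names and the in-memory SQLite database are assumptions for illustration, and storing a SHA-256 hash of the session ID instead of the raw value is an added hardening choice.

```php
<?php
declare(strict_types=1);

// Constructed demo storage: in-memory SQLite. Table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE active_sessions (username TEXT PRIMARY KEY, sid_hash TEXT NOT NULL)');

// Store only a hash, so a database leak does not expose usable session IDs.
function sidHash(string $sessionId): string
{
    return hash('sha256', $sessionId);
}

// Call after the password check succeeds. In a web request, call
// session_regenerate_id(true) first and pass session_id() as $sessionId.
function recordLogin(PDO $db, string $username, string $sessionId): void
{
    // REPLACE overwrites the user's previous row, so the newest login wins.
    $stmt = $db->prepare('REPLACE INTO active_sessions (username, sid_hash) VALUES (?, ?)');
    $stmt->execute([$username, sidHash($sessionId)]);
}

// Call on every authenticated request. On false, destroy the PHP session
// and prompt the user to log in again.
function isCurrentSession(PDO $db, string $username, string $sessionId): bool
{
    $stmt = $db->prepare('SELECT sid_hash FROM active_sessions WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, sidHash($sessionId));
}

// Constructed walk-through: two browsers, simulated with random IDs instead of session_id().
$pcA = bin2hex(random_bytes(16));
$pcB = bin2hex(random_bytes(16));

recordLogin($db, 'alice', $pcA);
var_dump(isCurrentSession($db, 'alice', $pcA)); // PC A holds the active session

recordLogin($db, 'alice', $pcB);                // forgot to log out on A, logs in on B
var_dump(isCurrentSession($db, 'alice', $pcA)); // A no longer matches and must log in again
var_dump(isCurrentSession($db, 'alice', $pcB)); // B holds the active session
```

Because the newest login replaces the stored value, a user who forgot to log out elsewhere can still log in from a different PC, and the older session is rejected on its next request.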
Thank you very much for your reply; it gives me more ideas for the security of my system. Again, thank you. God bless.