Re: Sessions and closing the browser

From: Tim Van Wassenhove (euki_at_pi.be)
Date: 09/25/04 

Date: 24 Sep 2004 23:16:37 GMT

In article <Xns956EA0914D80densnews123@216.168.3.44>, Theo wrote:
> Question for the group
>
> The authentication system for the site Im working on seems to function
> properly and all is good. A session keeps track of everything and a
> cookie is used to accept or deny access... sounds as it should be I hope.
> Then when all is done logging out destroys everything and the pages are
> no longer accessable. Good so far.
>
> But two things come to mind: one is preventing multiple logins of the
> user/password. The solution from what Ive read seems to be using another
> variable to check whether or not the user is already logged in (a simple
> yes or no). Simple enough. I imagine logging out normally and deleting
> all values removes this and then the cookie is deleted. But, what if the
> browser is simply closed? If I understand how everything works the cookie
> will still be there for a set period until its removed automatically.
> What if the user logs in, closes the browser, and tries to log in again?
> Is the value saying the login already exists still there? Or am I
> thinking I need a solution to a problem that is already transparently
> handled?

Instead of yes/no store the timestamp. And save that timestamp in the
session.

Everytime a user requests as page, compare the session timestamp with
the timestamp in the database.

If a new login has been done, the timestamp will be different. 

-- 
Tim Van Wassenhove <http://www.timvw.info>

Relevant Pages

  • Re: Best way to remember a logged in user
    ... >> a logout button or try to login unsuccessfully, ... Surely they do not leave the session active for a user who has not ... It must be through a cookie then - but ... account until the uniqid was changed. ...
    (comp.lang.php)
  • Re: tracking logins
    ... You might wonder how after the login is complete that the server can ... By TCP/IP session. ... The server sends a cookie at login time, ...
    (comp.lang.java.programmer)
  • Re: Need basic session randomness for dummies help.
    ... verification, simply seeing is cookie is set, if so if the value of it ... matches a set string--if so, present page, if not, present login form. ... token, the IP address, and the agent string gives me my fingerprint ... which is stored in the visitor’s session. ...
    (comp.lang.php)
  • Sharing a shopping cart between 2 sites...
    ... There'is no login / password solution wanted, so i must use cookie and ... cookie will be accessible from the 2 sites, not the $_SESSION but i can put ... BUT, my boss want not an alias url, he wants http://www.foo.com, so i think ...
    (comp.lang.php)
  • Re: how we use referer header to track users
    ... require a login and set one cookie containing a session number. ... it's supposed to be public, just set a cookie if one isn't already set and the user leaves a nice little trail across your site, proxies or no. ... You *especially* don't want a login, as that will deter people from bothering to contribute, since who can be bothered to make up and memorize yet another username and password on top of the six zillion they already have forgotten these days? ... If you actually want lots of user participation, requiring logins is a great way to sabotage those goals, and you'll need a captcha on the registration form to stop automated spamming anyway, so just put the captcha on the submission form instead. ...
    (comp.lang.java.programmer)