Limit # of simultaneous logins?

That was exactly what I told her.

So - how would you approach this problem, then? One solution is to monitor
simultaneous logins, and that clearly is impractical.

How would you enable 'group' access if not this way?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"Gary White" <reply@newsgroup.please> wrote in message
news:0g50e3pf0mguo3cq92rim3rvj27nrdhqfl@4ax.com...
> On Thu, 6 Sep 2007 10:38:10 -0400, "Murray *ACE*"
> <forums@HAHAgreat-web-sights.com> wrote:
>
>>With PHP/MySQL is this feasible?
>
>
> Not really. Because some users may simply close the browser instead of
> logging out, you have no reliable method to determine who or how many
> may still be logged in.
>
> Gary

I can't speak for the PHP universe, but principles tend to translate so I'll
take a shot anyway.

In ASP, you've got session_onstart and session_onend in your global.asa
file. Obviously, if the user does not log out and just closes the browser,
the session will remain active until it times out, but session_onend will
run regardless of how the session is ended. The session_onstart and
session_onend can be used to edit application variables (which are truly
global and only fall out of scope when IIS is restarted). The application
variable might, for instance, be named after the user ID and contain the
number of current active sessions. Session_onstart is set to create or
increment; session_onend is used to decrement.

In the case of a user closing the browser, you'd have a login unavailable
until the session timeout is reached. Typically, explaining this to users
is good enough and everyone understands that if they make a mistake (or have
the computer crash or something), they may need to wait 20 minutes before
they're allowed to log in again (assuming you're using the default 20 minute
timeout). As long as it's known up front and not a nasty surprise, people
are generally understanding.

I don't think PHP has application variables, but you could do the same with
a text file or a database table (with the bonus that a database table can be
used to store session ID, login, logout, etc and give you all kids of
history info). The crux of the matter is finding out if a PHP application
has the equivalent of a global.asa and/or session_onstart and session_onend
event handlers that are handled by the web server and not any particular web
page. Sorry I can't be of more help there.


"Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
news:fbp56d$lpq$1@forums.macromedia.com...
> That was exactly what I told her.
>
> So - how would you approach this problem, then? One solution is to
> monitor simultaneous logins, and that clearly is impractical.
>
> How would you enable 'group' access if not this way?
>
> --
> Murray --- ICQ 71997575
> Adobe Community Expert
> (If you *MUST* email me, don't LAUGH when you do so!)
> ==================
> http://www.dreamweavermx-templates.com - Template Triage!
> http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
> http://www.dwfaq.com - DW FAQs, Tutorials & Resources
> http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
> ==================
>
>
> "Gary White" <reply@newsgroup.please> wrote in message
> news:0g50e3pf0mguo3cq92rim3rvj27nrdhqfl@4ax.com...
>> On Thu, 6 Sep 2007 10:38:10 -0400, "Murray *ACE*"
>> <forums@HAHAgreat-web-sights.com> wrote:
>>
>>>With PHP/MySQL is this feasible?
>>
>>
>> Not really. Because some users may simply close the browser instead of
>> logging out, you have no reliable method to determine who or how many
>> may still be logged in.
>>
>> Gary
>
>

Lionstone wrote:
> The crux of the matter is finding out if a PHP application
> has the equivalent of a global.asa and/or session_onstart and session_onend
> event handlers that are handled by the web server and not any particular web
> page.

No, PHP doesn't have an equivalent of global.asa.

However, you could do it by storing the session ID in a database
together with a current timestamp each time an internal link is clicked
or a page is reloaded. You also need to create a session variable with
an expiry time. If the expiry time is older than the current time,
destroy the session and log the user out the next time a link is clicked.

When a user logs in, check the timestamp in the database. If it's more
than 20 minutes old (or whatever time limit you have set), create a new
session. If it's within the expiry limit, refuse entry.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

On Thu, 6 Sep 2007 11:08:59 -0400, "Murray *ACE*"
<forums@HAHAgreat-web-sights.com> wrote:

>That was exactly what I told her.
>
>So - how would you approach this problem, then? One solution is to monitor
>simultaneous logins, and that clearly is impractical.
>
>How would you enable 'group' access if not this way?

I'd just set it up and not worry about how many are logged in. Like we
both said, there's no reliable way to limit it. Anything you do to try
and limit the logins runs the risk of denying legitimate access to a
valid user simply because someone else either closed their browser or
navigated away without logging out.

Gary