Hi all, i have a user with username say 'shamol'. I am loggin in with username 'shamol' in a browser in my site. Now i open another browser on the same machine or any other machine and try loggin in with same username 'shamol'. This second login with same username 'shamol' without logging off the previous login is successfull. I want to prevent this. My requirement is that any user should be able to login for first time and if user tries to login again without loggin off then user must be prevented by displaying necessary message. Any solution is most welcome, thanx, Ashish.
Ashish Gautam writes:
My requirement is that any user should be able to login for first time and if user tries to login again without loggin off then user must be prevented by displaying necessary message. You probably can do that, but you should *NOT*.
Note that HTTP is stateless. There is no connection that defines when a user is logged on. The server would need to maintain the "logged on" state. But then, you have the following dilemma. Either, anybody can logout a "logged in" user or only the "logged in" user can log out itself. I expect you prefer the second solution. But, when the server state becomes inconsistent (it thinks the user is still logged in; but the corresponding client state is lost), then the user will not be able to login again to do the log out. Your admiministrator will often be called to remove stale logged-in state... Dieter
participants (2)
-
Ashish Gautam -
Dieter Maurer