I have a problem that when a person logs in then he should be restricted to only one IP address. He should not be able to login through different machine at the same time so is there any way to maintain session without using session cookie and without using session id in URL?
Asked
Active
Viewed 1,145 times
0
-
have you tried using localstorage or sessionstorage? – radu florescu Dec 15 '12 at 07:33
2 Answers
0
yes, by writing session in database. Apart for usual session data (id, and user data) you write and user_ip. So, while session is active you can restrict user access from another ip/machine or even browser (if you set your session uniqueness to be IP and browser headers - user agnet )
Please check link bellow, on how to extend session handler and save/read to/from database (and hence not using cookies)
set session in database in php
and this
-
Yes I have seen issues with IP address. Is there any more secure and perfect mechanism? – user1844090 Dec 15 '12 at 07:49
-
@user1844090 That depends what is the nature of your app. If you want user to be able to login only from one place at any given time,then you don't really need an IP. You just kill the session of the previosus lodged in platform/location (basicly a new session is creted whenever user logs in, while previous is always destryed upon login. so you end up with user being able to login only once) – Elijan Dec 16 '12 at 02:18
0
You can create a database table that gets updated with a session ID when the user logs in and removed when they logout. At login, you can check the database to make sure there isn't an active session in the DB.
user1903020
- 187
- 5