block two users sharing the same login id? block two users sharing the same login id?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

block two users sharing the same login id?

Started by alanlai, April 15, 2009, 10:47:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

alanlai

How to determine and block, if 2 users using different IPs, and login with the same user name simultaneously?


Fabricio Ferrero

The only way it's to block the IP with a .htaccess file. (But not a bright idea since the IP change -in most conection services- everytime the user get the conection).

If you want some of the users be allowed to login and the other not, just tell him/her to change his/her password and the other user would not be able to login.
Read Docs and Search the Forum before posting. - Soporte en español
--*--
Fabricio Ferrero's Website

Catching up! :)

Joachim Müller

Why would you want to disallow a user to be logged on on two machines simultaneously? What's so bad about that? What's the abuse potential?

The reference to the .htaccess file being the only way to stop this is not correct imo: you could easily enable detailed logging and then add a code section that compares the IP addresses for any given user, but this has two disadvantages:
  • You'd be burning a lot of resources, probably with a notable performance impact
  • The code needed to do what you're up to hasn't been coded, so you'd have to come up with that custom code, which is not a trivial task

I can't see how you could possibly accomplish what you're up to using .htaccess methods, as neither the file system on OS level nor the apache webserver are "aware" of the logged-in user: that logic is only known to the script.
As suggested, you need to figure out if this is really needed: maybe you could tell us first why you think that you need to block visitors by IP because they appear to be using the same user name. My guess is that this is where the initial problem lies: you might be making false assumptions. So describe in detail what happened and what you try to prevent from happening.