We need a way to control the concurrent logged-in user limit in a commercial product we are building. Does anyone have an example or any suggestions?
Hi mstopkey,
Yes, you can control current logged in users using ScriptCase. Please follow these steps.
Example to limit current logged in users (Update 2)
This example is based on the Scriptcase security module. With this example you can verify that one account is being used ONLY by one user session. If another user tries to log in using the same account, the first user will be logged out.
1. Create a field “session_id” in the users table.
2. In the login form, onvalidate_success, get the session_id() of the current user and save it to the “session_id” field.
    $session_id=session_id(); // id of the session that has just logged in
    // user_table: use the name of your own users table.
    // Note: [usr_login] is concatenated into the SQL as-is; escape it before use (ScriptCase has the sc_sql_injection() macro for this).
    sc_exec_sql("UPDATE user_table SET session_id='$session_id' WHERE login='".[usr_login]."' ");
3. Create a new library (TOOLS->LIBRARIES) and save it as “check_session.php”.
4. In your “check_session.php”, compare your current user session_id() with the session_id in your users table, like this:
    function check_session(){ //name of your function to validate
        // read the session_id stored at login (same users table as in the login form)
        sc_lookup(ds, "select session_id from users where login='".[usr_login]."'");
        // a different stored value means a newer login has taken over this account
        if({ds[0][0]}!=session_id()){
            echo "<script>alert('Another user has logged in using this account.')</script>"; //shows a message
            sc_redir('../login.php'); // redirect the user to the login form
        }
    }
5. Include the “check_session.php” library in all your applications: PROJECTS->DEFAULT VALUES->LIBRARIES, or manually in your apps using the PROGRAMMING->LIBRARIES menu.
6. In the onLoad of all your apps, call your function to validate. In this case I named it check_session(); (step 4)
Thanks for the tutorial! I have followed your instructions verbatim but I do not have it working. In the session_id field in the users table, it is inserting this value: “.session_id().” It seems to be missing a step. Can you advise?
It seems to need a step of creating a session ID to update the users table with.
Hi mstopkey,
If you get “session_id()” as text, convert it into a variable like:
$session_id=session_id();
sc_exec_sql("UPDATE user_table SET session_id='$session_id' WHERE login='".[usr_login]."' ");
Note: You don't need to create a session_id; the session id is always created automatically by SC.
Explanation without code
USER 1 using account ‘jonh123’:
1.- User1 logs in and the session_id is saved in MySQL (let's say with a value ‘A’ for account ‘jonh123’).
2.- When user1 navigates, there is a validation on every page that compares: is the session_id in MySQL (‘A’) equal to the current session_id (‘A’)? It will be true (no alert for user1).
USER 2 using account ‘jonh123’:
1.- User2 logs in and the session_id is saved in MySQL (with a value ‘B’; in this case ‘A’ will be replaced by ‘B’ for account ‘jonh123’).
2.- When user2 navigates, there is a validation on every page that compares: is the session_id in MySQL (‘B’) equal to the current session_id (‘B’)? It will be true (no alert for user2).
But now, when USER 1 tries to navigate, the comparison will be: is the session_id in MySQL (now ‘B’, because user2 changed it in MySQL) equal to the current session_id (‘A’)?
It will be FALSE, B is not equal to A; in this case user1 is logged out.
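The replace-on-login check walked through above, as an added example that is not part of the original posts: plain PHP with PDO and an in-memory SQLite table instead of ScriptCase macros (assumes the pdo_sqlite extension). The table and column names, the two function names and the constructed session ids are assumptions; it goes beyond the thread by storing only a SHA-256 hash of the session id and by binding the login as a query parameter.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the project's users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, session_hash TEXT)');
$db->exec("INSERT INTO users (login) VALUES ('jonh123')");

// Login step: record which session now owns the account. Only a hash of
// the session id is stored, so a leaked table does not expose live ids.
function register_login(PDO $db, string $login, string $sessionId): void
{
    $stmt = $db->prepare('UPDATE users SET session_hash = :h WHERE login = :l');
    $stmt->execute([':h' => hash('sha256', $sessionId), ':l' => $login]);
}

// Per-page check: true only while this session is the most recent login.
function session_is_current(PDO $db, string $login, string $sessionId): bool
{
    $stmt = $db->prepare('SELECT session_hash FROM users WHERE login = :l');
    $stmt->execute([':l' => $login]);
    $stored = $stmt->fetchColumn();
    // Unknown login or no recorded session: fail closed.
    if (!is_string($stored)) {
        return false;
    }
    // Constant-time comparison of stored hash and current session's hash.
    return hash_equals($stored, hash('sha256', $sessionId));
}

// Constructed ids standing in for session_id() in two different browsers.
$a = bin2hex(random_bytes(16)); // user 1
$b = bin2hex(random_bytes(16)); // user 2

register_login($db, 'jonh123', $a);
var_dump(session_is_current($db, 'jonh123', $a)); // user 1 right after login

register_login($db, 'jonh123', $b);               // user 2 logs in, 'A' becomes 'B'
var_dump(session_is_current($db, 'jonh123', $b)); // user 2's page loads
var_dump(session_is_current($db, 'jonh123', $a)); // user 1's next page load

// A login value containing quote characters is bound as data, not parsed as SQL.
var_dump(session_is_current($db, "jonh123' --", $a));
```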
@hirambq: must check_session() be called in every app, or is that (the call) an automatic feature from SC?
In your code: exit() after sc_redir is obsolete …
Thank you, I will update it :D.
You need to create a library and include it in all your projects. You can save your library as ‘check_session.php’ and create a function named check_session(); so you can call it in all your applications when they load.