How can i prevent a double authentication of the same user?
I explain it better:
I have a page protected by username and password, when an user attempt to enter into this page and prompt a valid username and password I would want the script check if there is another active session of the same username and in that case it will not give the access to the page.

I register the session's information into a database so I can check if the user is already connected but I can't delete the record when the user close the browser so I can't know if the session's information that i find in the database is active or not.

Thanks
Lele

Originally posted by lelebug
How can i prevent a double authentication of the same user?

I register the session's information into a database so I can check if the user is already connected but I can't delete the record when the user close the browser

But you can delete the record if session is expired and provide to user something like a "Logout" button.

Yes but i want the session to expire only when the user close the browser and if he doesnt close it clicking to "Logout" button I dont know how to do to know the session is closed.

thanks
Lele

for the browser closing, you might use the body's onUnload event.

If there aren't any actual server-based session/application variables to use, you could mimic one: update a time field in the DB everytime a user successfully logs on. Everytime they try to log on (maintaining a session, or loading a page using their login), if the time is older than a certain amount then, count it as expired and get them to log in again.

...something like that might work anyway. hope there're some ideas for yas.

Originally posted by lelebug
Yes but i want the session to expire only when the user close the browser and if he doesnt close it clicking to "Logout" button I dont know how to do to know the session is closed.

thanks
Lele

I think having a Logout button is necessary. So, you point that log out button to a page like "logout.php" or whatever, then in that page delete the record from your database and print out a message like "You logged out successfuly" (something like Yahoo!).

For checking if your user is logged in, you can do what Moeis prescribed!

PS: I personally think it's better you change your host if it doesn't let you have session variables!