How To Limit the Number of Times a User Is Logged In
Permalink
Is there a way to limit the number of times a user is logged into a Concrete5 site? If I am selling memberships and access to the members only area of a website, I want a user to be able to be logged in only once and if a user is logged in and if someone tries to log in as that user again an error is returned. Is that possible?
You can't do it on number of logins, but you can do it on time. Remove someone from a group after so many, minutes, hours or days.
If you set your content pages to viewable by that group, users won't be able to access it after the time you specify.
If you really need the login once functionality, it would be a reasonably simple add-on to write.
You'd attach an event to the login, that checks and records the login against a custom user attribute for users in a specific group. If the login greater than 1, remove them from the group that has view access to your content.
If you set your content pages to viewable by that group, users won't be able to access it after the time you specify.
If you really need the login once functionality, it would be a reasonably simple add-on to write.
You'd attach an event to the login, that checks and records the login against a custom user attribute for users in a specific group. If the login greater than 1, remove them from the group that has view access to your content.
I am working on a site where the members area will have proprietary information and will be able to perform functions that you can only do in the members area. I want to make it so if one person buys access and then gives his login information to a friend, they both can't be logged to the same account at the same time. Or if an office with multiple people who would use this area, they buy the appropriate number of users that will need access to the members area. I hope this is making sense.
The trick is that the session is stored in a cookie(on the client). You can store something in the database, but the problem is that a system is not like an always on connection. Everytime you view a new page you reconnect, so you wouldn't know when to log the user out.
You could create a javascript helper that pings a database table every couple of minutes and if it finds a duplicate user id it logs the user out. But if the user turns javascript off this wouldn't work, but that's probably the best option.
You could create a javascript helper that pings a database table every couple of minutes and if it finds a duplicate user id it logs the user out. But if the user turns javascript off this wouldn't work, but that's probably the best option.
How about if every time a user loads a particular single page. There will be a large number of single pages and it's those pages that is the biggest concern to control how many times a user is logged in to use. Is it possible to write something into a single page rather than a page template that gets used multiple times across the site?
I also think this might be a dangerous idea - if it goes wrong, you'll have people not being able to log in and I can think of lots of scenarios where things could get messy.
Instead, it might be better to work out some kind of monitoring so you can tell if a user account is being abused, excessive logins, excessive downloads, etc.