Prevent duplicate login with FOSUserBundle

Question

Our application is using Symfony 2.0 and MongoDB with FOSUserBundle for user management.

Client wants to p

Answer 1

You could add an IP address column to the user entity that stores the current user's IP upon login. On each page load (via an event listener), you could check the IP stored in the DB against the IP of the person requesting the page. If the IP in the DB doesn't match the current user's IP (someone logged in from another location), log them out.

To take it a step further, via ajax, you could make a call to the server every X seconds that performs the same type of check, and do a redirect to log the user out if the ajax request returns a bad match.