How to logout previous session of a user,if he logins again on same or different browser

Question

I have a query, I want that if a user is already logged in to a web page and again he Relogins from same or different machine then his previous session should be killed and aut

Answer 1

Here is my really contrived method for detecting different machine logins

1. When the user logs in, generate a hash key for him, store it in his session, and in the database. The database only stores one the hashkey for the user (it's not a history of login)

2. Whenever the user accesses a page, check that the hash key in the session matches the one in the database

3. If it matches,all is well.

4. If it does not matches, it is not from the same machine; because if the user logins elsewhere, a new hashkey would be generated and would replace the one in the database.

4a. Tell the user on the original machine that 'You have been logged into somewhere else' and unset all the session there (that is, log him out). But that is only on the next page refresh - which can be avoided if you use AJAX

As for same login - if the user tries to login into the site while he is already logged in, just display a message that he's already logged in? What's the intent of flushing the session data if he logs in again (are we talking about the same user logging into the same site on the same machine here?)