How to logout previous session of a user,if he logins again on same or different browser

Question

I have a query, I want that if a user is already logged in to a web page and again he Relogins from same or different machine then his previous session should be killed and aut

Answer 1

When user logs in again, simply generate new session ID and previous one will become invalid.

Answer 2

Here is my really contrived method for detecting different machine logins

1. When the user logs in, generate a hash key for him, store it in his session, and in the database. The database only stores one the hashkey for the user (it's not a history of login)

2. Whenever the user accesses a page, check that the hash key in the session matches the one in the database

3. If it matches,all is well.

4. If it does not matches, it is not from the same machine; because if the user logins elsewhere, a new hashkey would be generated and would replace the one in the database.

4a. Tell the user on the original machine that 'You have been logged into somewhere else' and unset all the session there (that is, log him out). But that is only on the next page refresh - which can be avoided if you use AJAX

As for same login - if the user tries to login into the site while he is already logged in, just display a message that he's already logged in? What's the intent of flushing the session data if he logs in again (are we talking about the same user logging into the same site on the same machine here?)

Answer 3

If you attach a session id to a user id, then when you create a new session id, it will replace the current session id, and when you check for the valid session id, you will see that the old one is not longer found, so your application would tell them that they have been logged out.

If you want to keep track of the session id, then just have a valid flag that is unique between the userid and valid flag, so each user only has one valid session at a time.

If you see that they have a second session id then you can let them know that they were logged out of the first session due to logging into the new session.