Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi Larry,

I want to manage logins to disallow duplicate logins so that one subscriber can't use another subscriber's login credentials to log in simultaneously.

I was thinking of adding a "logged_in" ENUM column to the user table with values "Yes" and "No". The value is set to "Yes" when the user logs in and to "No" when the user logs out.

But if the user just closes the  browser window without logging out via the website, that would create an issue when the user tries to log in again. Your thoughts on this will be much appreciated.


Edited by Jacques
Link to comment
Share on other sites

For starters I definitely wouldn't put this into the users table. That table represents an entity: the user. What you're describing is representing activity, so I'd create a logins table for that. 

As for the goal itself, as I'm sure Netflix can attest, this is tricky and may not be worth the effort. You can't assume people will log out, as you noted. But that also includes situations like I start using the site on one device but then go to switch devices. I definitely access some sites on multiple devices in a single day. 

In any case, the best thing I can think of would be to rely upon sessions here. Store the session ID in the database, along with the user ID. Sessions will automatically expire after inactivity, based upon your site/server settings. When someone logs in, you could check if there's an active session already. 

But I wouldn't bother, personally. You'll have to create a lot of work to hopefully catch a few cheaters while occasionally annoying legitimate users. I'd rather put my effort into making a product so great people would gladly pay for it. 

Link to comment
Share on other sites


  • Create New...