I am developing an application that needs to prevent multiple logins using the same user name and password.
If it happens on the same machine then obviously we need t
Maybe overly simplified, but hey... it works for me in Web2Py:
Only on successful login, I am writing the SessionID (response.session_id) in the auth_membership table. On the landing page (index page) I check whether the current response.session_id is equal to the SessionID coming from the DB. If so - all is fine. If not - (the "older", first) user is politely logged out.
The above works since with each login a NEW response.session_id is created and stored in the DB. The checking is done only on the landing page (which in my app is the most important one, initiating many other functions), so not too many DB hits for the above. The above is not dependent on the user logging out. No IP address is involved (which others have mentioned, suffers from its own issues). It allows only ONE user to be logged in at a time and it logs out the "older" user.
Hope it helps.
NeoToren
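A minimal model of the scheme described in the answer above, added here as an example and not NeoToren's or web2py's own code. It uses the standard-library `sqlite3` in place of web2py's DAL; the table name `active_session`, the function names and the user name are assumptions made for illustration.

```python
import hmac
import secrets
import sqlite3

def open_store():
    """In-memory table holding the single session ID currently valid per user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE active_session ("
               "username TEXT PRIMARY KEY, session_id TEXT NOT NULL)")
    return db

def on_successful_login(db, username):
    """Call only after credentials were verified: issue a fresh session ID
    and overwrite the one stored for this user, which retires the older login."""
    session_id = secrets.token_urlsafe(32)
    db.execute("INSERT OR REPLACE INTO active_session (username, session_id) "
               "VALUES (?, ?)", (username, session_id))
    db.commit()
    return session_id

def session_is_current(db, username, session_id):
    """True only if this request carries the most recently issued session ID."""
    row = db.execute("SELECT session_id FROM active_session WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False  # user never logged in: fail closed
    return hmac.compare_digest(row[0].encode(), session_id.encode())

def landing_page(db, username, session_id):
    """The check the answer performs on the index page."""
    if session_is_current(db, username, session_id):
        return "ok"
    return "logged_out"  # the older session is ended here

def demo():
    db = open_store()
    first = on_successful_login(db, "alice")    # constructed user name
    before = landing_page(db, "alice", first)   # only one login so far
    second = on_successful_login(db, "alice")   # same account, second login
    return (before,
            landing_page(db, "alice", first),   # older session is rejected
            landing_page(db, "alice", second))  # newest session stays valid

if __name__ == "__main__":
    print(demo())
```

Because `session_is_current` is a single primary-key lookup, the same check can be called from any other request handler where an extra DB hit is acceptable.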