PHP - How to prevent user from logging in from multiple machines at the same time?

Question

Is there a way that I can prevent a user from logging into a system from different machines at the same time?

Thank you

Answer 1

The problem with all these solutions based on IP address is that if a user is behind a proxy server that routes their request via multiple IP addresses, this may fail in a way that means the user cannot remain logged in.

What you can do instead is just, when any user logs in, give them a new session token and expire all previous session tokens belonging to the same user.

This would require you keeping a table of all valid session tokens and which user they're associated with. Note that the built-in session handling of PHP is unlikely to be able to do this without much modification.