as3 unique login session

Question

I've got a login working flash >> PHP >> MYSQL and capable of doing everything I need.

However, I've been presented with an issue that a person could be logged in under the same account and start mucking around with things. This creates issues with updating data as someone can change something and the other person may overwrite their data or duplicate it.

I've seen some mention to a php session but would need some more information.

Would I set a timer as of login so that in my MYSQL database I have User|Pass|TimeStamp. After logging in, the timestamp is adjusted to Now()+15 seconds and every 10 seconds the timer would call and update the time stamp (+15s) again. Thus, at login, if a person attempts to login, the time of login must be > then the time stamp?

I would think that this way if the currently logged in user moves away from the flash program, the login timer would no longer be triggered??

Is there a different way I should go about this? Set up an inactivity auto-loggout every 5 minutes? If someone attempts to log in, it sends a request out to all active browsers to see if the username/password session (I use an instance ID) is being used?

Some code or directions to what I should look into would be greatly appreciated.

jc

Answer 1

I suggest you to proceed with your logic (updating database in some intervals), with a little change - not using a timer for it, but update in each user interaction.

---

Let's say your IDLE_TIME is 10 minutes.

• Each time the user navigates throught any section, or makes any significant change, you'd update the logging timestamp.
• if the user do not interact for that time, he'll be kicked out;

I implemented something like that a years ago, but using only PHP. At the top of all my files, I'd compare the last interaction timestamp with the current time, if bigger than IDLE_TIME: Kick, if not, update.

Use a timer would be a little unnecessary and painful to your database, if a great number of users be using your system at same time.