Thread

Hello all,

i can’t succeed in resolving a matter involved with “Allow multiple log-ins from a single account?” feature. It doesn’t work.

It says in description that:

Determines whether more than one person can simultaneously access the system using the same user account. Note: If your Session Type above is set to “Cookies Only” this feature will not work.

But I logged-in my site with same user from 2 computer with different public IP and remained logged on both.
Is this working as intended or not?
I expected to be logged out from one of the two sessions but it didn’t happened.
I’m using Solspace User Module and EE 1.6.8 B.20090723

Thanks in advance.
Marco

So you are setting “Allow multiple log-ins from a single account?” to “No”, correct. Also, you are using sessions_ids (also) for both front end and back end authentication?

I set “No” to “Allow multiple log-ins from a single account?” and used “Cookies and session ID” both “Control Panel Session Type” and “User Session Type”.
I checked files core.session.php and directory modules/user about solspace and seems there is no check against already logged-in user. (im a coder, should have readed it correctly but solspace file is quite long so i could have missed something.)
Key lines should be the ones with “user_session_type” var inside, but dunno. (this var is setted correctly to “cs” inside $PREFS object).

WTA, there are a few things you can try:

Wipe both browser’s cookies to eliminate any old ones, and then try using sessions only. See if that makes a difference.

The other possibility would be to take User out of the mix.

See if either help.

Thanks Sue for suggestions but with only sessions is the same: doesn’t work.
What do you mean with “take User out of the mix”?

The fact is that I need both cookie and sessions. Cookie for being accessed from another distinc application script that doesnt share server and sessions for statistic and more.

Anyone tried this feature and got it work?

Just tried with a clean installation with only admin user. (obviously parameters setted as starting post)
As you can see from a exp_sessions table dump we have 3 connection. Is this working as intended? Developer please, let me know.

| session_id                               | site_id | member_id | admin_sess | ip_address    | user_agent                                         | last_activity |
+------------------------------------------+---------+-----------+------------+---------------+----------------------------------------------------+---------------+
| 7cfddf2111aaeb6a7087702536f655f137f40ec1 |       1 |         1 |          1 | 88.xx.xxx.xxx | Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1. |    1252331335 |
| f56cf9ba0661e212a632da824811d0b0e3edd0fd |       1 |         1 |          0 | 88.xx.xxx.xxx| Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; |    1252331454 |
| 3ca2c0d23d3748a4d7c0a896cc84988a58573627 |       1 |         1 |          0 | 85.xx.xx.xxx| Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it |    1252331526 |

WTA,

I expected to be logged out from one of the two sessions but it didn’t happened.

You won’t get an automatic logout. The switch is to stop multiple logins. So if you are logged in on computerA and attempt to login on computerB you will receive an error message and will be unable to login and vice-a-versa.

Being a SuperAdmin overrides this I believe. You will need to create an admin based on the SuperAdmin to test this.

I created an user with group “members” and tried to login frontend. Logged on both computer without any minimal message.

Would be a “good start” if someone here had this feature working, rather than a not working feature.

Any developer could tell me in which file and function should be the check for the sessions? Or what message system show when user already logged so i could find and debug it?

Thanks

WTA:

Are you using the user module at this time?  Sue was asking that if you are, to please get this out of the mix, rather, uninstall it for the time being.  The feature does work for me, but we need to eliminate possibilities and look at ExpressionEngine without addons being used.

-greg

How funny….
I spent many hours trying to understand the logic of this function till when as fast as lightning i saw that last_activity field was updated minus session length. Debugging it i saw that last_activity was never > than $expire and the query never got any result and i could log 1000 times.

mod.member_auth.php
row 367

$expire = time() - $SESS->session_length;
            $expireBug = $expire  - $SESS->session_length;
            // See if there is a current session

            $result = $DB->query("SELECT ip_address, user_agent, last_activity 
                                  FROM   exp_sessions 
                                  WHERE  member_id  = '".$query->row['member_id']."'
                                  AND    last_activity > $expireBug
                                  AND     site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'");

Dont know how, why and which module or person did or changed it, too tired to realize now.

It works as intended.
Thanks to all and sorry for my english.

Bye,
Marco.

Just to clarify, it all works as intended now? Issue resolved?