This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Authentication preference regarding being logged in from multiple devices

December 22, 2011 1:51pm

  • #1 / Dec 22, 2011 1:51pm

    skunkbad

    1326 posts

    I just wanted to ask what your preference is regarding if a person should be able to be logged in to an application from multiple devices / computers / browsers. In my authentication system, I've been more or less enforcing this through $_SERVER['HTTP_USER_AGENT']. If a user is logged in from computer1, and then logs in from mobile_device1, computer1 will no longer be able to continue without signing back in. I know CodeIgniter by default drops the session data if the user agent changes, but that doesn't prevent a user from successfully logging in from multiple devices, that simply makes sure the cookie data is coming from the same browser. What do you think? I've been thinking about allowing the application to be logged in from multiple devices at once, but don't know if this is considered insecure by many.

  • #2 / Dec 22, 2011 3:30pm

    TWP Marketing

    596 posts

    I would consider it insecure. I have no problem with being forced off of one connection when I open another. Plus if it is a malicious secondary login, I will notice that my primary login is cancelled and hopefully take action to discover why it happened…

  • #3 / Dec 22, 2011 5:13pm

    skunkbad

    1326 posts

    @TWP Marketing - I agree, but do you think that this level of security is necessary for all websites? I know that until recently, when I came to this forum on my home computer, but then came using my laptop, I would stay logged in on both. They must have made a change, because now I have to log in every time I switch. I’m just wondering if there is a convenience factor that needs to be addressed.

  • #4 / Dec 22, 2011 11:05pm

    TWP Marketing

    596 posts

    > @TWP Marketing - I agree, but do you think that this level of security is necessary for all websites? I know that until recently, when I came to this forum on my home computer, but then came using my laptop, I would stay logged in on both. They must have made a change, because now I have to log in every time I switch. I’m just wondering if there is a convenience factor that needs to be addressed.

    As far as this CI forum login, no, it should not be necessary to force a new login when you change access points. I don’t have the same situation as you, as I use only a single computer for all my forum access. If I were using more than one system, it’s a small inconvenience to have to log back in again, but I could live with it. Also, with one system, I habitually log out when I’m done with the forum for the day. I get email notice for threads that I’m following and it’s easy enough to log back in to reply.
    That might contradict my first post, but it depends on the site I’m logged into.

  • #5 / Dec 22, 2011 11:44pm

    skunkbad

    1326 posts

    Well, I ended up updating my authentication application (Community Auth) so that the option to allow/disallow multiple logins is a setting in a config file. This will make it easy for somebody to choose the preferred behavior based on what they feel the site needs.

  • #6 / Dec 22, 2011 11:53pm

    TWP Marketing

    596 posts

    Good solution. I always prefer being offered the option to choose. Thanks.
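
The behaviour the thread settles on (a setting that allows or disallows multiple logins, with the older device signed out when a newer login arrives) can be sketched as follows. This is an added example, not part of the original posts and not Community Auth's code; the class, method and setting names are hypothetical, the store is in memory where a real application would use its session table, and it assumes PHP 8.0 or later.

```php
<?php
// Added illustration; SessionRegistry and $allowMultipleLogins are hypothetical names.
final class SessionRegistry
{
    /** userId => token => ['ua' => string, 'created' => int] */
    private array $sessions = [];
    /** revoked token => reason, so a displaced device can be told why it was signed out */
    private array $revoked = [];

    public function __construct(private bool $allowMultipleLogins) {}

    public function login(string $userId, string $userAgent): string
    {
        if (!$this->allowMultipleLogins) {
            // Single-session mode: revoke every older token for this account,
            // whichever browser or device it was issued to.
            foreach (array_keys($this->sessions[$userId] ?? []) as $old) {
                $this->revoked[$old] = 'superseded by a newer login';
            }
            $this->sessions[$userId] = [];
        }
        $token = bin2hex(random_bytes(32)); // unguessable per-login token
        $this->sessions[$userId][$token] = ['ua' => $userAgent, 'created' => time()];
        return $token;
    }

    /** Returns null when the session is valid, otherwise the reason to show the user. */
    public function check(string $userId, string $token, string $userAgent): ?string
    {
        $session = $this->sessions[$userId][$token] ?? null;
        if ($session === null) {
            return $this->revoked[$token] ?? 'not logged in';
        }
        // The user-agent comparison only ties a cookie to one browser. The header is
        // client-supplied and does nothing to limit how many sessions an account has.
        return hash_equals($session['ua'], $userAgent) ? null : 'user agent changed';
    }
}

// Constructed sample run: computer1 logs in, then mobile_device1 logs in.
foreach ([false, true] as $allow) {
    $registry = new SessionRegistry($allow);
    $computer = $registry->login('user42', 'computer1-browser');
    $mobile   = $registry->login('user42', 'mobile_device1-browser');
    echo 'allow multiple logins: ', var_export($allow, true), PHP_EOL;
    echo '  computer1:      ', $registry->check('user42', $computer, 'computer1-browser') ?? 'valid', PHP_EOL;
    echo '  mobile_device1: ', $registry->check('user42', $mobile, 'mobile_device1-browser') ?? 'valid', PHP_EOL;
}
```

Recording the revocation reason is what makes the displaced login noticeable to the account owner, which is the benefit raised in post #2.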
