Allow one session only at a time

I'd suggest you do something like this:

Suppose user "A" logs in on "com_1" for the first time. Save a unique code in the database against that session, and the same in the user session.

In the meantime, if he (user "A") logs in again on "com_2", then check his status in the database and update the unique code in the database.

Then, if the same user (user "A") refreshes the page on "com_1", all you need to do is check the unique code from the session and match it against the database. It is certain that it will not match, so log him out and destroy the session.

To keep the user logged in even if the browser is closed, you can store the cookie in the browser and regenerate the session accordingly.

Hope this helps. Thank you.
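The unique-code scheme from the answer above, as an added example that is not part of the original post. The `ACTIVE_CODE` dict stands in for the database column and plain dicts stand in for server-side sessions; all function names are hypothetical.

```python
import hmac
import secrets

# Stand-in for the users table: user id -> code of the one active session (assumption).
ACTIVE_CODE = {}


def login(user_id, session):
    """Issue a fresh random code; store it in the DB row and in the new session."""
    code = secrets.token_urlsafe(32)
    ACTIVE_CODE[user_id] = code      # overwrites the code of any older session
    session.clear()
    session["user_id"] = user_id
    session["code"] = code
    return code


def check_request(session):
    """Run on every request; True only if this session holds the current code."""
    user_id = session.get("user_id")
    code = session.get("code")
    current = ACTIVE_CODE.get(user_id)
    if not (user_id and code and current and hmac.compare_digest(code, current)):
        session.clear()              # log out and destroy the stale session
        return False
    return True


def logout(session):
    """Clear the stored code only when the caller is the active session."""
    user_id = session.get("user_id")
    if check_request(session):       # a stale session must not end the newer one
        ACTIVE_CODE.pop(user_id, None)
        session.clear()


def demo():
    com_1, com_2 = {}, {}            # constructed sessions on two computers
    login("A", com_1)
    first = check_request(com_1)     # com_1 is the only session so far
    login("A", com_2)                # second login replaces the stored code
    second = check_request(com_1)    # com_1 refreshes: code no longer matches
    third = check_request(com_2)
    return first, second, third, com_1
```

Generating the code with `secrets` rather than a counter or timestamp keeps it unguessable, and the `logout` check stops a displaced session from ending the newer one.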


You can use the following algorithm

  1. Create an integer field in the database, userLoggedInCount
  2. On each login, increment that flag and store the result in the session.
  3. On each request, check the value in the database and the one in the session, and if the one in the session is less than the one in the DB, invalidate() the session and decrement the value in the database
  4. Whenever a session is destroyed, decrement the value as well

Credit to Bozho, who posted this in answer to a question here