Forum

Thread tagged as: Question, Problem, Members

perch members app - multiple sessions different locations

Hi Perch team,

I was wondering if there was a way to limit a logged in member to only one session at a time?

By this I mean I can currently use the same login details on two different machines (and ip addresses) and both sessions are still valid.

I only want the login details to be valid for one session to stop details being shared and multiple logins to occur.

Does that make sense, and is it possible?

  • Update - ...or to put it another way, how can I better control the fact people might share login details for the site? :)

Thanks for all the good work!

Mark Lawrence

Mark Lawrence 0 points

  • 5 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

That shouldn't be the case - the session hijacking protection should kick in at that point. What tests have you run?

Well I simply logged in from my desktop computer, then did the same on my mobile phone (over 4g, not the same wifi) - I was able to be logged in from both devices.

I then refreshed both devices and the login was still active, ie I could still view the restricted members sections on both.

Should I have done something different?

Drew McLellan

Drew McLellan 2638 points
Perch Support

No, that should be enough to log one of them out.

Can you post your diagnostics?

Perch: 2.8.29, PHP: 5.6.20, MySQL: mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $, with PDO
Server OS: Linux, cgi-fcgi
Installed apps: content (2.8.29), assets (2.8.29), categories (2.8.29), perch_members (1.5)
App runtimes: <?php $apps_list = array( 'content', 'categories', 'perch_members', );
PERCH_LOGINPATH: /perch
PERCH_PATH: /home/jdiresea/public_html/perch
PERCH_CORE: /home/jdiresea/public_html/perch/core
PERCH_RESFILEPATH: /home/jdiresea/public_html/perch/resources
Image manipulation: GD Imagick
PHP limits: Max upload 128M, Max POST 8M, Memory: 512M, Total max file upload: 8M
F1: 2edba60ed1f613d6dd804feb202456a2
Resource folder writeable: Yes
DOCUMENT_ROOT: /home/jdiresea/public_html
HTTP_HOST: jdiresearch.com
REQUEST_URI: /perch/core/settings/diagnostics/
SCRIPT_NAME: /perch/core/settings/diagnostics/index.php
Drew McLellan

Drew McLellan 2638 points
Perch Support

Ok, well I'd expect that to be working. I'll log it.

Hi, Do member sessions in the app expire? I am experiencing the same issues as Mark but also have noticed that coming back to a page I was logged into a day later that I am still logged in if I don't physically log out. If they do expire is there a setting I can change to force this on a regular basis? I'm running latest version of perch and member app.

Thanks in advance.

Rachel Andrew

Rachel Andrew 394 points
Perch Support

Steven,

to get help please start your own thread with a description of your issue plus Diagnostics Report and code.

Hi Rachel, shall do. I only added here because like Mark I have found that logging in from multiple devices on multiple IPs does not force the member to login again. With the same Perch version and Member App version.

I shall ask the other part re session settings in seperate topic.

Rachel Andrew

Rachel Andrew 394 points
Perch Support

We can't help multiple people in one thread - you also run the risk of being ignored as the thread appears answered. I only saw this because it is the weekend and not so busy.

Please create your own thread if you need help including your Diagnostics Report and code, it is not simply the version information that this gives us, it gives us the details of your environment that we need to help.

Hi Rachel,

Any updates on the original problem I reported?

Thanks

Drew McLellan

Drew McLellan 2638 points
Perch Support

Not yet, but it's something we plan to look at.