yancey
Hey guys,
I noticed that it is possible to login simultaneously with the same username and password from different computers. My users should not be able to share their passwords. That's why I'm looking for a solution for this issue. The nicest solution for me would be a message: 'Access denied. You are already logged in' but I'm open for other solutions like an IP or Mac address based login so the users can only login from the same computer or mobile phone (would be acceptable for me). The main goal for me is to prevent password sharing so that different people can't use the same login.
I'm quite new to all that stuff - a plugin would be the easiest way. If there is no plugin, I guess I need a more detailed answer :(
Thanks a lot! Jens
sfitcs
It's a common problem, but the only ways I know to solve it are:-
* use a database that uses a timeout and logged in users check and disconnect concurrent logins
* possibly a UUID scheme (javascript? not perfect as javascript can be circumvented).
* use an external authentication scheme. LDAP and Active Directory might be able to stop this, oAuth makes it hard (but not impossible). There are lots of plugins for this.
There are plugins that allow you to see who is logged in (display IP address), and to ban certain IPs - you can also, subsequently, remove user accounts (the club of knowledge approach).