Answer the question
In order to leave comments, you need to log in
How to disable multiple authorizations?
I am creating a browser game in PHP for mobile phones. The game has such a thing as an account. This account can have multiple characters. That is, the user creates one account and can use this account to create different characters for himself.
Question: How can you make it so that a player cannot play two characters at the same time in PHP? For example, a player logs in from the opera and from google chrome at the same time and sips and whistles in the game with two characters at once, and this is prohibited.
Actually, I don’t need the code, I would like to hear the implementation method (how best to make protection).
If you make IP protection, then the player can safely play through a proxy or from a phone and from a computer at the same time. Drops out.
So you need to link to your account. Scan recent visits for all characters on the account? Basically, I'm stuck :(
Answer the question
In order to leave comments, you need to log in
Let's assume that authorization creates a new session.
There are two options:
- kill all sessions for this user during authorization (for me, it is preferable)
- during authorization, check for the presence of the current session - display a message if it is active
// UPD
Addition to the comment from Sergey :
I log in under character1 from client1.
Then I go under character2 from client2.
When authorizing character2 - client1 crashes with an error.
Why can't you just store the current character's ID in the table? That is, just a correspondence table account_id-current_character_id. Throughout the project, use $current_character_id. And it turns out it doesn’t matter what device you came from, the character installed by the current one will always be loaded, and only for him all actions will be performed.
Authorizations here are generally far-fetched.
During authorization, generate a Token, a unique string, write it to the database, process all requests only if a valid token is specified, because such a token will be only 1, because the old one is erased with a new authorization, the problem becomes irrelevant
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question