Is there a way to prevent players from logging into a single account from multiple computers simultaneously? We think we've got a bit of "account sharing" with a few players and would like to prevent this. We're still on v2, alas.
thanks
Dave
You could set CLEAR_PLAYER_SESSIONS to TRUE in your config.php, this should invalidate any request of a user coming from its other previous sessions after each login/authentication call (meaning that after a successful login, the clients where it was logged will receive "user is not logged in" error upon every API call that requires an authenticated user).
There's no way to deny the login from other platforms (like "you are already connected") neither in v3, because this would require a live client-server connection while HTTP is a connectionless protocol, but with the above trick you have a workaround and allow only the newest login to be the only active at one time and invalidate all previous ones.
FRANCESCO CROCETTI @ SKARED CREATIONS
Okay, that sounds good enough!
But how does the server know this is a new user, not the previous one that logged in?
Of course what I said above is per user basis, it didn't mean that every login of a user clear the sessions of all others but that every login clears the previous sessions of his own account.
FRANCESCO CROCETTI @ SKARED CREATIONS
Right -- and there's an auth code or something to identify the current session?
The sessions are stored in a table, basically when CLEAR_PLAYER_SESSIONS is TRUE what happens is that upon login it deletes all records of that user from the table and creates a new record there that is then sent back to the client that is being authenticated.
To check if the user is still logged in your game client you could for example create a script with a co-routine that verifies the result of the "ping" web service and activate the gameobject/script after a successful login action:
IEnumerable CheckUserIsLogged() { bool checking = false, success = false; while (true) { // Set active request checking = true; success = false; WWWForm form = CombuManager.instance.CreateForm(); form.AddField("action", "ping"); CombuManager.instance.CallWebservice(CombuManager.instance.GetUrl("server.php"), form, (string text, string error) => { Hashtable data = new Hashtable(); if (string.IsNullOrEmpty(error) && !string.IsNullOrEmpty(text)) { data = text.hashtableFromJson(); if (data != null) { if (bool.Parse(data["success"].ToString())) { User user = new User("" + data["message"]); success = (user.idLong > 0); } } } // Current request has finished checking = false; }); // Allow only one request at once while (checking) yield return new WaitForSeconds(1f); // If didn't receive a logged user response then quit if (!success) { // User is no more logged in (no response received from server or user has accessed from elsewhere) Debug.Log("User is no more authenticated"); break; } else { // Wait for some time before the next check yield return new WaitForSeconds(30f); } } }
I didn't try the script above but hopefully it'll work.
FRANCESCO CROCETTI @ SKARED CREATIONS