Prevent simultaneou...
 
Notifications
Clear all

Prevent simultaneous logins to the same account

6 Posts
2 Users
1 Reactions
851 Views
(@gecko64)
Posts: 82
Estimable Member
Topic starter
 

Is there a way to prevent players from logging into a single account from multiple computers simultaneously? We think we've got a bit of "account sharing" with a few players and would like to prevent this. We're still on v2, alas. 

 

thanks

Dave

 
Posted : 22/01/2018 8:44 pm
(@skaredcreations)
Posts: 805
Prominent Member Admin
 

You could set CLEAR_PLAYER_SESSIONS to TRUE in your config.php, this should invalidate any request of a user coming from its other previous sessions after each login/authentication call (meaning that after a successful login, the clients where it was logged will receive "user is not logged in" error upon every API call that requires an authenticated user).

There's no way to deny the login from other platforms (like "you are already connected") neither in v3, because this would require a live client-server connection while HTTP is a connectionless protocol, but with the above trick you have a workaround and allow only the newest login to be the only active at one time and invalidate all previous ones.

FRANCESCO CROCETTI @ SKARED CREATIONS

 
Posted : 22/01/2018 11:31 pm
fau reacted
(@gecko64)
Posts: 82
Estimable Member
Topic starter
 

Okay, that sounds good enough!

But how does the server know this is a new user, not the previous one that logged in?

 
Posted : 22/01/2018 11:48 pm
(@skaredcreations)
Posts: 805
Prominent Member Admin
 

Of course what I said above is per user basis, it didn't mean that every login of a user clear the sessions of all others but that every login clears the previous sessions of his own account.

FRANCESCO CROCETTI @ SKARED CREATIONS

 
Posted : 22/01/2018 11:51 pm
(@gecko64)
Posts: 82
Estimable Member
Topic starter
 

Right -- and there's an auth code or something to identify the current session?

 
Posted : 22/01/2018 11:52 pm
(@skaredcreations)
Posts: 805
Prominent Member Admin
 

The sessions are stored in a table, basically when CLEAR_PLAYER_SESSIONS is TRUE what happens is that upon login it deletes all records of that user from the table and creates a new record there that is then sent back to the client that is being authenticated.

To check if the user is still logged in your game client you could for example create a script with a co-routine that verifies the result of the "ping" web service and activate the gameobject/script after a successful login action:

IEnumerable CheckUserIsLogged()
{
    bool checking = false, success = false;
    while (true)
    {
        // Set active request
        checking = true;
        success = false;
        WWWForm form = CombuManager.instance.CreateForm();
        form.AddField("action", "ping");
        CombuManager.instance.CallWebservice(CombuManager.instance.GetUrl("server.php"), form, (string text, string error) =>
        {
            Hashtable data = new Hashtable();
            if (string.IsNullOrEmpty(error) && !string.IsNullOrEmpty(text))
            {
                data = text.hashtableFromJson();
                if (data != null)
                {
                    if (bool.Parse(data["success"].ToString()))
                    {
                        User user = new User("" + data["message"]);
                        success = (user.idLong > 0);
                    }
                }
            }
            // Current request has finished
            checking = false;
        });
        // Allow only one request at once
        while (checking)
            yield return new WaitForSeconds(1f);
        // If didn't receive a logged user response then quit
        if (!success)
        {
            // User is no more logged in (no response received from server or user has accessed from elsewhere)
            Debug.Log("User is no more authenticated");
            break;
        }
        else
        {
            // Wait for some time before the next check
            yield return new WaitForSeconds(30f);
        }
    }
}

I didn't try the script above but hopefully it'll work.

FRANCESCO CROCETTI @ SKARED CREATIONS

 
Posted : 23/01/2018 12:19 am
Share: