The nature of HTTP and web applications does not allow you to know whether a user continues to be 'using' the system. What determines whether a user is allowed to log in on a different computer? You already stated that explicit logoff, or a login session timeout should trigger this, but what if the user closed their browser or even turned off their computer without logging off, and their session has not expired yet? Should they not be able to log in on another computer then? What if they did not close the browser, but are no longer using the other computer?
You could decide that a user should be able to sign in, if they have signed off on all other computers (which you already support) or if they have not made a request within x minutes from another computer. You could then update your code, so that it refreshes USERLOG with a last request time and IP address (or maybe session ID, given that several computers can be NATed behind the same public IP address), whenever you receive a request.
FoxWeb Support Team
Sent by Olatunji Beckley on 03/28/2018 03:32:08 PM:
To prevent multiple login from the same user on different devices, i have a user log file ('USERLOG.DBF') that is populated every time a user logs in using the Auth.Authenticate method. When the user logs off normally using the Auth.Logout method, the record that was inserted when the user logged in is then updated with the logout time.
The problem is when the script times out and the user is logged off automatically. I also need to update the record that was inserted when the user logged in with the logout time.
Anyone with any idea on how to achieve this?