I have a few questions regarding how CDbHttpSession works and I would like to be clarified about it.
Why do for every session, there is always an insert to the database?.. I don’t get the purpose. (I’m thinking of a per-user basis, like user_id on the sessions table so that only 1 session record will correspond to the user)
How do we extend CDbHttpSession in such a way that, if a user logs in to a different machine/browser, the previous active session will be terminated
Similar to this: Single Login Auth (I don’t get Y!!'s point here)
ad 1) CDbHttpSession should work like standard php session - one record for evere session (user). if you get new record for every request - check if cookie is properly generated and if your browser accept it.
ad 2) An enhaced version of CDbHttpSession which extra checks for Full Ip Address/Partial Ip Address and User Agent