I want to set up a system that allows a visitor to view only one webpage at a time. Only one browser window or tab should be allowed.
I have implemented a session variable called "is_viewing". If it is true, the person is denied access to the pages (by simply showing a different template).
What is the best way to reset this session variable if a user navigates from one page to another?
I have added a ajax function to the html body's onunload event. All it does is set the session variable to false.
But this brings all kinds of trouble and unexpected results. Refreshing the page first shows the deny template (with the session variable being shown as true for some reason that I do not know) and then after another refresh I can load the page again.
Can't I work with headers on a script that is called with ajax? How else would I reset the session variable and track where the user is going on the site to deny him access if he is already viewing another page?
If you really want to stop people from doing that, limit the number of connections per IP on the server. But please don't limit it to one or so to avoid locking a whole family or so when they have multiple PCs.
If it's ok when people willingly ignore that limit (for example by launching another browser), give each user a cookie and limit the number of connections per cookie on the server - kill old connections when new ones come in.