I have a website in which double accounts are a big problem. We do IP address checking, but this doesn't always work. I just thought of setting a cookie on the clients computer with the unique user id for the account they log into. Then reading the cookie every time they login and see if they are logging into the same account or another account. I know they can clear their cookies, but this would help catch a lot more users. Is this possible? If so, how?
We use Php and a MySql database. Currently we log the Ip address of a user when they login. We have some cron jobs that run and check for Ips that match and then stores all the user ids for users that have the same Ip address. This is how we flag double accounts.
We would like to add a function that tries to read a cookie at login if set. Get the user id (unique int) and compare it to the user that is being logged into. If the user id does not match the user id of the account being logged into, we know the user has a double account.
Yes, it is possible. You can extend the cookie expire date to one month and keep the previous user id.
I believe that your method of catching the duplicated account is not a good method. What if there is two accounts who share the same computer (which is not uncommon). Your method will account it as duplicated account as well.
Implementation Example:
Login Part