Ideas:
When the user logs on, the value of the function session_id () is written to the database so that the value of the session_id in the database is always guaranteed to be the most recent login user corresponding session
_id.
When the page validates the user, it needs to verify that the user's current session_id and the value of the session in the database are consistent.
Example:
You are known to have an account of U, two users A and B.
First a login account U, so user a login, the corresponding session_id write to account u corresponding to the session_id, when user a remains logged in.
Then B also login account u, User B login, the corresponding session_id updated account u corresponding to the value of the session_id.
At this point, a user to verify that a corresponding session_id value and database inconsistencies, the system prompts a user, there are other users login account U.
Reference article:
http://www.zhihu.com/question/19976722
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.