php session session-variables session-cookies session-state

How to prevent multiple logins from same user?


How can I prevent a logged-in member from logging into their account (in a new tab or different device) without logging out of their existing session?

I am working on a client job-board website where logged-in employers can submit a single Job Vacancy via the post_job.php page. The problem is they can log in again from a new tab or device without logging out and post more than their permitted single job posting. What would be the easiest way of preventing employers from doing this?

I am a comparative newbie and everything I have read so far assumes I am not. So any answers in simple jargon-free terms will be greatly appreciated.


Solution

  • Take a look at this; it protects you from Cross-Site Request Forgery, and you can check whether the user has logged in. Try: save the CSRF token to the DB, then check whether the user's token is the same as the one in the DB. If not: unset the cookie and session for this user and return them to the Sign In page. If yes: do your stuff.
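
The check described in the answer above, as an added example that is not part of the original answer: it stores a random per-login token (used here in place of the CSRF token the answer mentions) in both the session and the database and compares them on every request. The `users` table, the `active_token` column, `login.php` and the function names are assumptions; the demo uses an in-memory SQLite database and plain arrays standing in for `$_SESSION`.

```php
<?php
declare(strict_types=1);

// Call after the password check succeeds: the new token replaces any older one,
// so every other session of this user stops matching the database.
function onLogin(PDO $pdo, int $userId, array &$session): void
{
    $token = bin2hex(random_bytes(32)); // unguessable, unique per login
    $stmt = $pdo->prepare('UPDATE users SET active_token = ? WHERE id = ?');
    $stmt->execute([$token, $userId]);
    $session['user_id'] = $userId;
    $session['token'] = $token;
}

// True only when the session's token is the one currently stored for the user.
function isCurrentSession(PDO $pdo, array $session): bool
{
    if (!isset($session['user_id'], $session['token'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT active_token FROM users WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $stored = $stmt->fetchColumn(); // false when no row, null when never logged in
    return is_string($stored) && hash_equals($stored, (string) $session['token']);
}

// Gate for protected pages such as post_job.php: call after session_start().
function requireCurrentSession(PDO $pdo): void
{
    if (!isCurrentSession($pdo, $_SESSION ?? [])) {
        $_SESSION = [];                  // drop the stale session data
        header('Location: login.php');   // hypothetical sign-in page
        exit;
    }
}

// Demo with constructed data: two "tabs" log in as the same user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, active_token TEXT)');
$pdo->exec('INSERT INTO users (id) VALUES (1)');

$tabA = [];
$tabB = [];
onLogin($pdo, 1, $tabA);
var_dump(isCurrentSession($pdo, $tabA)); // tabA checked while it is the only login
onLogin($pdo, 1, $tabB);                 // second login overwrites the stored token
var_dump(isCurrentSession($pdo, $tabA), isCurrentSession($pdo, $tabB));
```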