CGI::Session, method to stop account sharing

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: CGI::Session, method to stop account sharing by SuicideJunkie (Vicar) on Apr 13, 2011 at 19:24 UTC
What about simply having a hash mapping usernames to their most recent session ID? If the user is just logging on, update the hash. If the user is doing anything else, check to make sure that their current session matches the one in the hash.	[reply]
Re^2: CGI::Session, method to stop account sharing by Anonymous Monk on Apr 15, 2011 at 11:54 UTC
That's a good idea... but I must use memcached, as this code needs to run on a farm of webservers (each one pushing as much throughput as possible), with many memcached servers. This may be premature... but after reading the CGI::Session::Driver::memcached code, I believe, that in my case, it's unusable. It uses the sid as the key. This will fill up my 4G memcached space in no time. Since the sid is random, I won't have any practical method to age out sessions. I have already written my own driver to replace it. Thanks for your reply.	[reply]
Re: CGI::Session, method to stop account sharing by Anonymous Monk on Apr 13, 2011 at 17:05 UTC
What do you mean?	[reply]
Re^2: CGI::Session, method to stop account sharing by Anonymous Monk on Apr 13, 2011 at 17:11 UTC
Stop duplicate simultaneous logins.	[reply]