Here is the gist of a simplistic mechanism we did for a client. It may or
may not be sufficient for your situation:
------before authenticating user-------
'attempts are stored in Application Variables by login id
nTry = Application(str LoginID)
If Not IsNumeric(nTry) Then
nTry = 1
Else
nTry = nTry + 1
End If
If nTry > 3 Then
Response.Redire ct "../html/mp_acctlocked.h tml"
Else
-------code to authenticate user goes here-------
End If
If AuthenticateUse r = 0 Then
Application.Con tents.Remove(st rLoginID) 'successful
Else
Application(str LoginID) = nTry 'failed, update try count
End If
You also need admin functions to unlock users.
A more robust mechanism would store the try count in a database along with a
timestamp so that locked accounts could be released automatically if
desired.
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"tchangmian " <tc********@yah oo.com.sg> wrote in message
news:64******** *************** ***@posting.goo gle.com...
Hi, I would like to create an auto-lock out module where users are
unable to continue login attempt after 3-5 unsuccessful logins. In
addition, the user account are automatically suspended after
stipulated unsuccessful logins.
Is there any sample coding in ASP or Javascript for me to refer to??
Thanks alot!!!