473,545 Members | 1,995 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Preventing concurrent logins - Classic ASP

Description:
I would like to prevent a user from logging in with their user/password
combination on a different computer or even a different browser window, if
they are already logged in. I have a login page, from which I use a DB check
to verify user/password info. Also, I have a bit loggedIN field in the DB,
which I use to see if they are currently logged in; if so, I prevent them
from logging in a second time.

Problem:
Unless they click the "Log Out" button, then the DB value does not get
changed. Any suggestions as to how I can log them out, even if they simply
close the browser window or jump to a different page?

Thanks in advance!
Jul 22 '05 #1
2 4753
1. Put a timestamp in the database and update it with every page hit. Then
you can have the login "time out"

2. At login time, give the user the option to cancel the pre-existing
session if one exists. You'll need to keep a unique "logged on" identifier
instead of a simple flag to block the previous session if an attempt is made
to re-use it.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"BenM" <RE***********@ ulgt.orgREMOVEC APS> wrote in message
news:68******** *************** ***********@mic rosoft.com...
Description:
I would like to prevent a user from logging in with their user/password
combination on a different computer or even a different browser window, if
they are already logged in. I have a login page, from which I use a DB check to verify user/password info. Also, I have a bit loggedIN field in the DB, which I use to see if they are currently logged in; if so, I prevent them
from logging in a second time.

Problem:
Unless they click the "Log Out" button, then the DB value does not get
changed. Any suggestions as to how I can log them out, even if they simply close the browser window or jump to a different page?

Thanks in advance!

Jul 22 '05 #2

BenM wrote:
Description:
I would like to prevent a user from logging in with their user/password combination on a different computer or even a different browser window, if they are already logged in. I have a login page, from which I use a DB check to verify user/password info. Also, I have a bit loggedIN field in the DB, which I use to see if they are currently logged in; if so, I prevent them from logging in a second time.

Problem:
Unless they click the "Log Out" button, then the DB value does not get changed. Any suggestions as to how I can log them out, even if they simply close the browser window or jump to a different page?


Here's what I do: I have a table that contains the user ID,
application ID (which is just an identifier to the different apps we
have) an session ID.

Then the user logs in, those fields are populated. Every time a page
loads we have a toolbar that is included on each page. That page then
checks the current session ID against the database. IF it doesn't
match, I send them to a page which says "You can only be logged into
the application in one browser at a time"... or something like that.

So what ends up happening is that whatever browser session logs in
last, that's the valid session. That way someone could leave their
desk, go to another workstation, and still be able to log into their
account.

Jul 22 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1541
by: Dave Pylatuk | last post by:
Hello all. I am wondering if there is an easy way to prevent users from connecting to the same database more than once at a time. Ie. I do not want 'joe' users sharing logins. Thanks in advance.
1
3706
by: Karthik | last post by:
Hi, I have a website running on ASP.Net on IIS 6.0. This website has more than 10000 users login everyday. At times the users login with the same user name and password more than once at the same time. I would like to prevent this from happening as it creates a huge problem at the back end (SQL 2k). I maintain all logins in a session...
3
4434
by: mgPA | last post by:
Short: How can I limit the number of concurrent logins to Access (2000) DB? Long: I seem to be having the problem discussed in previous postings of having more than 9 or 10 concurrent logins. If I can limit the number of concurrent logins to 8 or 9, that would satisfy our needs. Thanks
1
2502
by: Sameer | last post by:
one important problem i am facing is that my web solution (asp.net) will be deployed on a webfarm. I am using sql server session management on clustered sqlservers. but as i need to prevent multiple logins through a username/password (same credentials at a time) on the website. also session_end() event does not fire in sql server mode. ...
8
4013
by: pnp | last post by:
Hi all, I've developed a win C# app that is actually database driven using SQL server 2000. The idea is that only one application will be installed on a server in a network and the program will be able to run at each client machine by just double-clicking the application executable through a network share. The program supports user logins....
2
2416
by: Calvin KD | last post by:
Hi everyone, Can someone suggest a way of monitoring the number of logins for each user in a particular session to make sure that a particular user cannot log in twice in the same session? I have thought of using Application-level counter or even store the counter in the database but it will not work (100% of the time that is) when the user's...
10
23883
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages. Thanks.
4
3335
by: Paul | last post by:
I have an ASP.NET application that I want to limit # of concurrent logins. Has anyone done similar things before? I was trying to increment a counter in the application and decrement the counter in "Session_End". However, the "Session_End" will only work for InProc session. So, is there any other approach? Thanks, Paul.
6
6045
by: javelin | last post by:
In ASP classic pages, I want to know if it's possible to prevent session variables from becoming zero length strings? I have tried setting the Session.Timeout to a large value, but alwas, after 20 minutes, my session variable times out. I also tried setting the session timeout in IIS manager to a high value, but this did no good either. I...
6
15398
by: krvrk | last post by:
Hi, I am creating a report for which i need to query a table for total number of users and Concurrent users logged in. The table will contain Username(nvarcar,not null),SessionStart time(datetime, not null), SessionEnd time (datetime,null), SessionID(int,not null) and ConnectGUID(uniqueidentifier, not null) etc can any one help me in...
1
7440
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7775
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5997
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5344
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
4963
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3470
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3451
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1902
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
726
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.