Can someone explain the how I can make it so that a login ( username )
can only be logged in once to a website if it is possible.
What I would like to do is have it so that if dwaldman is logged in
that login can't login again with another session until the old
session is terminated ( logged out )
14  1814 
should be very simple to add a check function in your login code to verify the user session is active
if session("isacti ve") <true then
'run login code
session("isacti ve") = true
end if
"Mangler" <we*******@repa irresource.comw rote in message news:dc******** *************** ***********@s50 g2000hsb.google groups.com...
Can someone explain the how I can make it so that a login ( username )
can only be logged in once to a website if it is possible.
What I would like to do is have it so that if dwaldman is logged in
that login can't login again with another session until the old
session is terminated ( logged out )
Jon Paal [MSMD] wrote on 09 jul 2008 in
microsoft.publi c.inetserver.as p.general:
"Mangler" <we*******@repa irresource.comw rote in message
news:dc******** *************** ***********@s50 g2000hsb.google groups.com.
..
>Can someone explain the how I can make it so that a login ( username
) can only be logged in once to a website if it is possible.
What I would like to do is have it so that if dwaldman is logged in
that login can't login again with another session until the old
session is terminated ( logged out )
should be very simple to add a check function in your login code to
verify the user session is active
if session("isacti ve") <true then
'run login code
session("isacti ve") = true
end if
That would not help the OP:
"logged in once to a website" he writes, not to a session.
You would have to register the "being logged in" on the database,
or on a low volume site as an application variable.
The problem is you cannot easily detect a lost session,
that is not actively logged out,
but timed out or lost due to the browser or connection demize.
So you would have the new session login prohibit further use of the old
session login of the same user, methinks.
How to do that?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
">What I would like to do is have it so that if dwaldman is logged in
>that login can't login again with another session until the old
session is terminated ( logged out )"
The OP asked for a session test, and a lost session is the same as no session, so yes, session tests are valid.
"Jon Paal [MSMD]" wrote:
The OP asked for a session test, and a lost session is the same as no session, so yes, session tests are valid.
Okay, you go try it then.
Use two different browsers (not just tabs in the same browser).
Login and set a session value from the first browser.
No go to the same web page with the second browser and try to see that
session value.
Won't happen. And yet that first browser's session is still perfectly active.
Now, close that first browser completely.
Where's the session now?
It can't be detected from the second browser. And yet it is *STILL ACTIVE*
on the server until the session timeout occurs.
So I completely disagree with your assertion that "a lost session is the
same as no session." Clearly *NOT* true on the server.
=?Utf-8?B?T2xkIFBlZGF udA==?= wrote on 09 jul 2008 in
microsoft.publi c.inetserver.as p.general:
>
"Jon Paal [MSMD]" wrote:
>The OP asked for a session test, and a lost session is the same as no
session, so yes, session tests are valid.
Okay, you go try it then.
Use two different browsers (not just tabs in the same browser).
Login and set a session value from the first browser.
No go to the same web page with the second browser and try to see that
session value.
Won't happen. And yet that first browser's session is still perfectly
active.
Now, close that first browser completely.
Where's the session now?
It can't be detected from the second browser. And yet it is *STILL
ACTIVE* on the server until the session timeout occurs.
So I completely disagree with your assertion that "a lost session is
the same as no session." Clearly *NOT* true on the server.
You are right, but the server cannot distinguish between a lost session
and no session at all from the viewpoint of the request for a new
session.
The best you can do is to store a session identification while logged in
at the server's user record, and so prohibit any action on the forlast
logged-in-session of that user if a new login is requested [because of a
possible lost session].
Prohibiting a second login till a timeout will aleniate your users that
lost the session.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Evertjan: I was *agreeing* with you.
Yes, the only way to do this is to keep track in a DB or in Application
variables.
Well, I guess you *could* use Cookies (*NOT* session cookies...persi stent
ones) if you trust your users to have cookies turned on. And I guess you
have to or sessions don't work.
So you'd simply persist the user's Session.Session ID in a cookie (give it an
expiration date of tomorrow, say?) and if the value from the cookie doesn't
match the value from Session.Session ID then you know it's an attempt to use
another browser window. I guess that works as well as the application or DB
saving, no?
What I have done in the past is allow the user to *OVERRIDE* the prior
sessionID. That way if they accidentally close the browser and come back in,
they can say "Yes, kill that prior session and use this one."
Hadn't thought of using cookies until just now. DOH on me. It seems the
obvious way, now!
"Jon Paal [MSMD]" wrote:
should be very simple to add a check function in your login code to verify the user session is active
if session("isacti ve") <true then
'run login code
session("isacti ve") = true
end if
The point is, if the user ALREADY has ANOTHER session active, this code
won't discover that. So it can't possibly do what the OP requested.
"Old Pedant" <Ol*******@disc ussions.microso ft.comwrote in message
news:B8******** *************** ***********@mic rosoft.com...
Evertjan: I was *agreeing* with you.
Yes, the only way to do this is to keep track in a DB or in Application
variables.
Well, I guess you *could* use Cookies (*NOT* session cookies...persi stent
ones) if you trust your users to have cookies turned on. And I guess you
have to or sessions don't work.
Not really. There are various levels of trust where cookies are concerned.
"Having cookies turned on" is nominally used to mean the user allows a site
store permanent cookies for at least the sites own use. Even with
"cookies turned off" session cookies normally continue to work since these
transient cookies stored only in process memory are normally still allowed.
It takes some agressive anti-cookie settings to disable session cookies.
--
Anthony Jones - MVP ASP/ASP.NET
Too right you are. DOH on me. Heck, I often run with only session cookies
enabled when I'm surfing to unknown sites.
Okay, back to the DB or Application solution.
I used App solution in one case I worked on and then used the "allow user to
say new session is the correct one" paradigm. Worked fine & handled all the
users who would shut down browser without logging off & then come back again
in 15 minutes or so, before the old session timed out.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: John Davis |
last post by:
I put a little login (username and password textfields) in a web page, and
once the user able to login, I want the username and password textfields
will disappear, and replace with text " has Login!]" in the same
position.
My question is how to make the username and password textfields disappear
and replace with " has Login!]" in the same position?
This is the code I have done so far, but it has another problem: Even I
first check if...
|
by: Beginner |
last post by:
I know this is an old question, but searching all over the internet plus
several MS security conferences, still haven't got a straight anwser.
Basically, the login.aspx is on one dedicated server in the domain using AD.
ASP.NET applications run on other servers (not neccessary in domain) and
trying to use authentication server. How could this be done?
- Most response says you need to set MachineKey the same, but that alone
doesn't...
|
by: Samuel Shulman |
last post by:
Is there a method that will indicate the person who logged successfully is
Logged and therefore allowed to browse freely other then using the
'Web.Security.FormsAuthentication.RedirectFromLoginPage' method
thanks,
Samuel
|
by: Moss |
last post by:
Hi,
Sorry if this really is a newbie question, but hey, I'm a newbie, porting
from a coldfusion background.
I have been using the built in login feature however notice that it does
appear to expire the login if the browser window is closed.
Is this normal behaviour? Is it something that i can circumvent. I would
prefer to allow users to login, and be logged in for a period of time before
|
by: AppleBag |
last post by:
I'm having the worst time trying to login to myspace through code. Can
someone tell me how to do this? Please try it yourself before replying,
only because I have asked this a couple of times in the past in other
places, and while the help was much appreciated, it seemed everyone
just wanted to 'theoretically' explain how to do it, but when I tried
to do it myself, I couldn't login.
I want to simply pass the email address and password to...
| | |
by: Ben |
last post by:
Hello, I'll bet this has been asked a million times but I can't seem to find
a thread that gives the clear example I need.
This PC has MySQL and IIS configured and running. The MySQL database is
"myDB" with a table "myUsers" with fields "Username" and "Password". I also
have the MySQL ODBC driver loaded with a DSN "dsnMySQL" setup.
First question is can someone direct me to a site or provide a sample code
for a login page that...
|
by: Jean |
last post by:
Hi,
I have a question about logins and sql server express and an ASP.NET
aplication. I put this question in sql server newsgroup, but without real
answer sofar.
I created a login 'Network service' at server level in Management Studio
express.
I use windows authentification.
Then i defined an user for my database which is associated to login 'Network
|
by: hotflash |
last post by:
Hi Mark et. All,
I have a question to see if you can educate me here since this is something new to me as well.
I created a login page for the user to login and the ASP will check and redirect them to the appropriate page. So far, everything works fine. Myself and the user admin can login to the "Trform.asp" page OK without problem.
My question for you and your peers is I have 5 more users. Let's say A, B, C, D, and E. I want...
|
by: Kandiman |
last post by:
Hiya, i made a asp page, and one of my divs (as a include) is as below. the problem is if the main page is resubmitted, i get logged out again?...
heres the code.. i think its on the value=true for the hidden textbox on the logout sub.. but how do i get round this? can i not change the value onclick?
<div id=Rightbody>
<!--<form id="RightBodyForm" name="RightbodyForm" method="post" action="Guestbook2.asp">-->
<%
Response.Expires...
|
by: daokfella |
last post by:
I have a Login.aspx page that takes care of all my login procedures
(validation, lockouts, password change requirements, password
retrieval, etc.) It works like a charm. However, now I'd like a "quick
login" control to appear in the banner at the top of my master page.
This control will just have a username and password textbox and login
button. I want to reuse all the same code. Plus, if the credentials
are incorrect, or additional...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
