Here is the gist of a simplistic mechanism we did for a client. It may or
may not be sufficient for your situation:
------before authenticating user-------
'attempts are stored in Application Variables by login id
nTry = Application(strLoginID)
If Not IsNumeric(nTry) Then
nTry = 1
Else
nTry = nTry + 1
End If
If nTry > 3 Then
Response.Redirect "../html/mp_acctlocked.html"
Else
-------code to authenticate user goes here-------
End If
If AuthenticateUser = 0 Then
Application.Contents.Remove(strLoginID) 'successful
Else
Application(strLoginID) = nTry 'failed, update try count
End If
You also need admin functions to unlock users.
A more robust mechanism would store the try count in a database along with a
timestamp so that locked accounts could be released automatically if
desired.
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"tchangmian" <tc********@yahoo.com.sg> wrote in message
news:64**************************@posting.google.c om...
Hi, I would like to create an auto-lock out module where users are
unable to continue login attempt after 3-5 unsuccessful logins. In
addition, the user account are automatically suspended after
stipulated unsuccessful logins.
Is there any sample coding in ASP or Javascript for me to refer to??
Thanks alot!!!