
How to do single sign on function

I need that when a user is logged in, his or her account is locked and no other
people can log in using this account.

Aug 15 '05 #1
6 Replies


How is a user authenticated? Using a database? So mark his row as
"LoggedIn" and if the same user tries to log in during that time, refuse
them.

The danger is, how do you "clean up" these LoggedIn values if the user
doesn't purposely log out, e.g. trips on his power cord, or lets his session
time out, navigates to another web site, or just closes his browser?

"榮少@公司" <榮少@整餅.私人公司> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
> I need that when a user is logged in, his or her account is locked and no other
> people can log in using this account.

Aug 15 '05 #2

Yes Aaron

That's what concerns me now. I am using a database; however, I have no idea how to
"clean up" the field values if the user did not log out through the normal procedure....

Can I use session_onend in global.asa?
Or write some stored procedure or function inside SQL Server and run it
on a schedule?

Thanks

"Aaron Bertrand [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
> How is a user authenticated? Using a database? So mark his row as
> "LoggedIn" and if the same user tries to log in during that time, refuse
> them.
>
> The danger is, how do you "clean up" these LoggedIn values if the user
> doesn't purposely log out, e.g. trips on his power cord, or lets his session
> time out, navigates to another web site, or just closes his browser?
>
> "榮少@公司" <榮少@整餅.私人公司> wrote in message
> news:%2****************@TK2MSFTNGP10.phx.gbl...
> > I need that when a user is logged in, his or her account is locked and no other
> > people can log in using this account.


Aug 17 '05 #3

AF
> That's what concerns me now. I am using a database; however, I have no idea how to
> "clean up" the field values if the user did not log out through the normal procedure....
> Can I use session_onend in global.asa?
> Or write some stored procedure or function inside SQL Server and run it
> on a schedule?


Hi there,

In addition to the 'is_loggedin' attribute, you can add a 'last_request' datetime
value. Each time the user sends a request to the server, this field is updated.

Regularly, for example every 20 minutes, simply run a background check to
detect who didn't send any request during the last timeout delay. You'll know
who didn't click the 'Logoff' button and if you've time enough to lose, you can
even send a tip "how to quit" to those users ; )

About the persistence mechanism... I suggested a database but you could
also store it in a simple Application wide variable, as this information is clearly
designed to be reset after an application start.

Antonio
Aug 17 '05 #4

www.aspprotect.com

can do that... and it cleans up

"榮少@公司" <榮少@整餅.私人公司> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
> I need that when a user is logged in, his or her account is locked and no other
> people can log in using this account.

Aug 20 '05 #5

AF
> I need that when a user is logged in, his or her account is locked and no other
> people can log in using this account.


I forgot to mention: what you want is not called single sign on. SSO is the
mechanism which allows you to access resources located in different places
or under different systems through a single authentication process.

Example of a SSO mechanism:
- corporate user authenticates through AD/W2k login screen
- he/she has access to the collaborative intranet portal without
needing to log in a second time, although he's browsing the service
through his windows identity.

What you're looking for is a measure to prevent "session hijacking" or
attacks.

Hope it will help you if you try googling around ; )

Antonio

Aug 23 '05 #6


榮少@公司 wrote:
> I need that when a user is logged in, his or her account is locked and no other
> people can log in using this account.


What I do on our intranet applications is keep the session ID of the
LAST logged in session for a particular ID in a database, and check to
see if it matches each time a page refreshes. If it doesn't match, I
redirect them to the login page.

So basically, whatever session that logged in last wins, so a user
could go from terminal to terminal and still log in under his account.

Aug 23 '05 #7
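
The two approaches in the thread (a 'last_request' timestamp with an idle timeout, and "last login wins" by stored session ID) side by side, as an added example that is not code from any poster. Python with an in-memory SQLite table stands in for the ASP and SQL Server setup discussed; the table, column and function names and the 20-minute timeout are assumptions.

```python
import secrets
import sqlite3

IDLE_TIMEOUT = 20 * 60  # seconds; assumed equal to the web session timeout

def open_db():
    # Hypothetical schema: one row per user, holding the session that owns the account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE active_session (user_id TEXT PRIMARY KEY, "
               "session_id TEXT NOT NULL, last_request REAL NOT NULL)")
    return db

def login(db, user_id, now, last_wins=False):
    """Call after the password check. Returns a session id, or None if refused."""
    sid = secrets.token_urlsafe(32)
    with db:
        if last_wins:
            # "Last login wins": the newest login replaces the stored session id.
            db.execute("INSERT OR REPLACE INTO active_session VALUES (?, ?, ?)",
                       (user_id, sid, now))
            return sid
        # Lock policy: drop the row only if it is stale, then try to claim it.
        # Expiring lazily at login means abandoned sessions need no cleanup job.
        db.execute("DELETE FROM active_session WHERE user_id = ? AND last_request < ?",
                   (user_id, now - IDLE_TIMEOUT))
        # The PRIMARY KEY lets only one of two racing logins insert the row.
        cur = db.execute("INSERT OR IGNORE INTO active_session VALUES (?, ?, ?)",
                         (user_id, sid, now))
        return sid if cur.rowcount == 1 else None

def touch(db, user_id, sid, now):
    """Run on every request. True only if sid is still the live session."""
    with db:
        cur = db.execute(
            "UPDATE active_session SET last_request = ? "
            "WHERE user_id = ? AND session_id = ? AND last_request >= ?",
            (now, user_id, sid, now - IDLE_TIMEOUT))
    return cur.rowcount == 1  # False: send the browser back to the login page

def logout(db, user_id, sid):
    with db:
        db.execute("DELETE FROM active_session WHERE user_id = ? AND session_id = ?",
                   (user_id, sid))
```

With the lock policy, a user whose browser crashed is refused until the idle timeout passes; with `last_wins=True` they get back in at once and the old session fails its next `touch`.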
