473,326 Members | 2,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

How to do single sign on function

i need when a user is logged in, his or her account is locked and no other
ppl can login by using these account.

Aug 15 '05 #1
6 3698
How is a user authenticated? Using a database? So mark his row as
"LoggedIn" and if the same user tries to log in during that time, refuse
them.

The danger is, how do you "clean up" these LoggedIn values if the user
doesn't purposely log out, e.g. trips on his power cord, or lets his session
time out, navigates to another web site, or just closes his browser?

"ºa¤Ö@¤½¥q" <ºa¤Ö@¾ã»æ.¨p¤H¤½¥q> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
i need when a user is logged in, his or her account is locked and no other
ppl can login by using these account.

Aug 15 '05 #2
Yes Aaron

That's what i concern now. I am using database, however, I am no idea on the
"clean up" the field values if user logged out in not general procedure....

Can I using session_onend in global.asa?
or write some stored procedure or function inside sql server and run it
scheduly?

Thanks

"Aaron Bertrand [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
How is a user authenticated? Using a database? So mark his row as
"LoggedIn" and if the same user tries to log in during that time, refuse
them.

The danger is, how do you "clean up" these LoggedIn values if the user
doesn't purposely log out, e.g. trips on his power cord, or lets his session time out, navigates to another web site, or just closes his browser?

"ºa¤Ö@¤½¥q" <ºa¤Ö@¾ã»æ.¨p¤H¤½¥q> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
i need when a user is logged in, his or her account is locked and no other ppl can login by using these account.


Aug 17 '05 #3
AF
> That's what i concern now. I am using database, however, I am no idea on the
"clean up" the field values if user logged out in not general procedure.... Can I using session_onend in global.asa?
or write some stored procedure or function inside sql server and run it
scheduly?


Hi there,

In addition to the 'is_loggedin' attribute, you can add a 'last_request' datetime
value. Each time the user sends a request to the server, this field is updated.

Regularly, from example every 20 minutes, simply run a background check to
detect who didn't send any request during the last timeout delay. You'll know
who didn't click the 'Logoff' button and if you've time enough to lose, you can
even send a tip "how to quit" to those users ; )

About the persistence mechanism... I suggested a database but if you could
also store it in a simple Application wide variable, as this information is clearly
designed to be reset after an application start.

Antonio
Aug 17 '05 #4
www.aspprotect.com

can do that... and it cleans up

"ºa¤Ö@¤½¥q" <ºa¤Ö@¾ã»æ.¨p¤H¤½¥q> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
i need when a user is logged in, his or her account is locked and no other
ppl can login by using these account.

Aug 20 '05 #5
AF
> i need when a user is logged in, his or her account is locked and no other
ppl can login by using these account.


I forgot to mention : what you want is not called single sign on. SSO is the
mechanism which allows you to access resources located in different places
or under different systems through a single authentication process.

Example of a SSO mechanism:
- corporate user authenticates through AD/W2k login screen
- he/she has access to the collaborative intranet portal without
needing to log in a second time, although he's browsing the service
through his windows identity.

What you're looking for is a measure to prevent "session hijacking" or
attacks.

Hope it will help you if you try googling around ; )

Antonio

Aug 23 '05 #6

ºa¤Ö@¤½¥q wrote:
i need when a user is logged in, his or her account is locked and no other
ppl can login by using these account.


What I do on our intranet applications is keep the session ID of the
LAST logged in session for a particular ID in a database, and check to
see if it matches each time a page refreshes. If it doesn't match, I
redirect them to the login page.

So basically, whatever session that logged in last wins, so I user
could go from terminal to terminal and still log in under his account.

Aug 23 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Peter Tragardh | last post by:
I'm searching for info on how to authenticate a user in the same way that for example Source Safe does. I would like my system to use Windows as the authenticator, so that the user doesn't have to...
1
by: iMedia User | last post by:
I have a site where I want to use the Web form validators in two separate forms on a single page. One form allows existing users to log in while the second one allows new users to register. The...
1
by: Rodney Lane | last post by:
Hi I am investigating the possibility writing an application which uses single sign on with ASP.Net / VB.Net and was wondering if anyone has endeavoured to do this yet. I will most likely be...
1
by: EricMatz | last post by:
I work for a medium-sized insurance company, developing web-based systems for our independent agents. There are four primary applications we provide - one that serves as an agent portal (ASP), and...
1
by: TPK | last post by:
Here is what I want to do with javascript. On a page with text place a javascript link that: 1) When a user clicks the link (onClick) a new browser window opens (the easy part) NewWindow =...
2
by: Spam Catcher | last post by:
Hi all, I'm looking to implement a single sign on solution for .NET applications. This single sign on solution will need to work against a variety of back- end databases (i.e. SQL (mainly),...
4
by: Jai | last post by:
Hi, I have a problem related to Login System. I am developing 3 websites for some institution.Now they want that if anybody had sign up for there site1.com(say), than he or she should be able...
7
by: hamarsheh | last post by:
Hi everbody! i need single sign on software for our php website , For all application, because we used visual basic and php, and another things so we need software to do single sign on , that the...
0
amitpatel66
by: amitpatel66 | last post by:
All, Please find below POST about Oracle SINGLE ROW FUNCTIONS which might be useful. SINGLE ROW FUNCTION are those which are executed once for each and every row of the Query. The different...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.