473,605 Members | 2,665 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

many people logging in using same user name

Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?

2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?

In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.

I need to know whether there is any way the server can
know when a guy logs off.

Thanks....

<oops, looks like this message got a bit too long :-) >
Nov 18 '05 #1
5 2064
As http is connection less, the best you could do is to have an explicit way
to logoff (and hope the user is using it). Other than that you just have the
usual timeout mechanism that will end a session when the timeout period
ellapsed without any user activity.

You could also trap some unload event client side to be able to
programmaticall y "abandon" the session (and probably a problem for example
if you have multiple windows) but this is working against the architecture.

A last option would be to disable the existing session so that users are
always able to log on (but existing sessions wuill be suspended).

It could be interesting to see why exactly having a unique account logged at
any one time is a requirement to see if this is not a way to solve another
problem he is thinking about ?

Patrice
--

"Michelle Stone" <mi********@yah oo.com> a écrit dans le message de
news:03******** *************** *****@phx.gbl.. .
Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?

2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?

In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.

I need to know whether there is any way the server can
know when a guy logs off.

Thanks....

<oops, looks like this message got a bit too long :-) >


Nov 18 '05 #2
"Michelle Stone" <mi********@yah oo.com> wrote in message
news:03******** *************** *****@phx.gbl.. .
Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?
With web apps, there is no way to know, as the client is stateless. The best
you can offer is to log the session ID and key it to the user. Then, you can
query whether the session is alive and delete the tie to the user. If a user
tries to log in again, they will be refused. You will store, SessionID,
UserID and TTL (time to live) in the database. Every hit increases time to
live. Formula: TTL = CurrentTime + NumMinutesForTi meOut

Pros
Tied to the session methdology MS uses
Rather simplistic to create

Cons
Database has to be tied to session time out, so you have to chance the
timeout time in two places
If a user's machine crashes, they are locked out for 20 minutes
2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?
Nothing will help you here.
In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.
Then, you cannot do it. At least not with a web application.

One compromise here. When a user logs on, store his IP address, UserName,
SessionID and a TTL. Give the TTL of about 1-2 minutes, rather than the 20
the session times out. This will stop the user from opening one session and
immediately opening another, but will not stop those who wish to wait. If a
user pops out of a browser, he will only have to wait 1 minute to get back
in.

To stop users that want to open multiple sessions, tie the UserID to
whatever record they are working on. Opening more than one session will not
allow them to bounce between records any faster than only having one. This
will further discourage people from bucking the system.
I need to know whether there is any way the server can
know when a guy logs off.
Using normal web app methodology? No!

You can build an aware web app, but you will end up with one or more of the
following:

1. Slow performance
2. Extremely difficult code
3. Increased network latency due to chattiness
Thanks....

<oops, looks like this message got a bit too long :-) >


It's OK, I do it occasionally too! ;->

Here is the scoop. Browser communication over HTTP is stateless. Each time
the client wants a page, he requests. In between the server has NO CLUE the
browser did not become the victim of a nuclear war. The whole concept of
Session is artificial, and is a method agreed on by browser manufacturers
and web server manufacturers to give some form of state to stateless
communication. As the server does not KNOW what the client is doing, it sets
up the session and assumes the user is in session until the session times
out. You can slide the timeout up or down, but that is the only control you
have.

In your app, you might be able to slide the session way down, but you would
have to use something other than forms auth to auth the user or they will
have to log in very often, which will annoy them. This is probably a
NON-solution. So, you kludge out a method of stopping a user from logging in
that is separate from session. But, the time has to be very short, which
means a user can, theorhetically, wait a minute and open another session.
So, you have to make that a stupid proposition. Keying the user to whatever
record he is working on is an option. Normally, I hate this type of kludge,
but you have to see if the client will compromise.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** *************** *************** *************** **********
Think Outside the Box!
*************** *************** *************** *************** **********
Nov 18 '05 #3
I have used the first option in the past with limited success. For this to
work successfully, it is very important that you catch when the user is
logged out. You can run code in the Session_OnEnd event to reset bLoggedOn
to false. However, one problem with this, is when the user closes the
window without logging out. Working around this takes a little more work.
Use a single frame frameset which contains the application. In the onUnload
event of the frameset, run some code to log the user out. When they close
the window, it will popup a little box in the background which will log them
out. This should execute very quickly, and will almost be transparent to
the user.

E.g.

Your frameset page would consist of the following:

<script language="javas cript">
function window_onunload ()
{
window.open("ht tp://www.domain.com/autologout.aspx ", "logout",
"width=100,heig ht=100,status=n o,toolbar=no,me nubar=no,locati on=no");
}
</script>
The frameset could consist of the following:

<frameset rows="100%" onUnload="windo w_onunload()">
<frame name="MainFrame " src="default.as px" marginwidth="0"
marginheight="0 " scrolling="auto " frameborder="0" >
</frameset>
The "autologout.asp x" page would have something as follows (C#):

private void Page_Load(objec t sender, System.EventArg s e)
{
// Code to log the user out here

// Script to close window
string strCloseWinScri pt = "<script
language='JavaS cript'>self.clo se()</script>";

// Register the script, so that the window closes
Page.RegisterSt artupScript("cl osewin", strCloseWinScri pt);
}
Hope this helps,

Mun

--
Munsifali Rashid
http://www.munsplace.com/


"Michelle Stone" <mi********@yah oo.com> wrote in message
news:03******** *************** *****@phx.gbl.. .
Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?

2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?

In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.

I need to know whether there is any way the server can
know when a guy logs off.

Thanks....

<oops, looks like this message got a bit too long :-) >

Nov 18 '05 #4
Following up on Munsifali's message, you could use the window_onunload event
to call the autologout.aspx without using the window.open jscript method.
You could use the xmlhttp object to call the logout page and in such case no
new window will be opened when the user unloads the html page.

Ex.

<script language="javas cript">
function window_onunload ()
{
var xmlhttp = new ActiveXObject(" Msxml2.XMLHTTP" );
xmlhttp.Open("P OST", "http://www.domain.com/autologout.aspx ",
false);
xmlhttp.Send(xm ldoc);
}
</script>

This code will call the logout page without openning a new page. However, it
needs the client browser to be IE version 5.0 or higher (I hope this won't
be a conflict with your requirements).

One Important Point to note here:
The onunload event is called also when you try to refresh the web page. This
means that the refresh would cause the onunload event to fire. You should
detect whether this is a refresh before sending the request for the
autologout.aspx

Regards
Mohamed El Ashmawy

mo************* **@Online.ITWor x.com
"Munsifali Rashid" <mun.news@#Remo veToReply#cordl essmouse.co.uk> wrote in
message news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..
I have used the first option in the past with limited success. For this to work successfully, it is very important that you catch when the user is
logged out. You can run code in the Session_OnEnd event to reset bLoggedOn to false. However, one problem with this, is when the user closes the
window without logging out. Working around this takes a little more work.
Use a single frame frameset which contains the application. In the onUnload event of the frameset, run some code to log the user out. When they close
the window, it will popup a little box in the background which will log them out. This should execute very quickly, and will almost be transparent to
the user.

E.g.

Your frameset page would consist of the following:

<script language="javas cript">
function window_onunload ()
{
window.open("ht tp://www.domain.com/autologout.aspx ", "logout",
"width=100,heig ht=100,status=n o,toolbar=no,me nubar=no,locati on=no");
}
</script>
The frameset could consist of the following:

<frameset rows="100%" onUnload="windo w_onunload()">
<frame name="MainFrame " src="default.as px" marginwidth="0"
marginheight="0 " scrolling="auto " frameborder="0" >
</frameset>
The "autologout.asp x" page would have something as follows (C#):

private void Page_Load(objec t sender, System.EventArg s e)
{
// Code to log the user out here

// Script to close window
string strCloseWinScri pt = "<script
language='JavaS cript'>self.clo se()</script>";

// Register the script, so that the window closes
Page.RegisterSt artupScript("cl osewin", strCloseWinScri pt);
}
Hope this helps,

Mun

--
Munsifali Rashid
http://www.munsplace.com/


"Michelle Stone" <mi********@yah oo.com> wrote in message
news:03******** *************** *****@phx.gbl.. .
Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?

2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?

In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.

I need to know whether there is any way the server can
know when a guy logs off.

Thanks....

<oops, looks like this message got a bit too long :-) >


Nov 18 '05 #5
Hi Michelle,

Whaty I would do is to create a Collection or Array in the Application Cache
(this can be done during the Application_OnS tart Event Hander). Then, in the
Session_OnStart Event Handler, add the user id of the current logged-in user
to that Collection. You can then check that Collection whenever a user tries
to log in. In the Session_OnEnd Event Handler, remove that user from the
collection.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"Michelle Stone" <mi********@yah oo.com> wrote in message
news:03******** *************** *****@phx.gbl.. .
Hi everybody

I am writing a simple asp.net application using form
authentication. I store the list of all users and their
passwords in an SQL Server database table.

My client recently told me that he wants me to do
something through which only one user can login using any
given account name. I mean to say, for example, when a
user called "abc" is online, another person shouldn't be
allowed to login using the same login.

I thought of many possibilities. I am listing down some
here, along with some reasons why I am reluctant to use
them. If there is any better way, or if you have comments
on any of the following, please share them with me.

1. Use a field in the table called "bLoggedOn" and set it
to true when the user is on.

Problem: How can I know when the user is logged out? What
if the modem-line connection is cut in between? Or what
if the server crashes for five minutes?

2. Use an Application variable (perhaps an array or
something....fy i, the maximum number of users online at
any time is 50). But then again, how can I "log off" a
user if his connection is cut?

In any of the following cases, one thing is very
important. If he closes the browser and attempts to
relogin, he shouldn't get the message "you are already
logged on from another location." The users will be at
the frontdesk of an office and they can't wait for a few
minutes before the server automatically logs them off.

I need to know whether there is any way the server can
know when a guy logs off.

Thanks....

<oops, looks like this message got a bit too long :-) >

Nov 18 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
1565
by: Frantisek Fuka | last post by:
I am using the standard "logging" module included with Python and it seems it doesn't correctly identify the filename (and thus module name) from where the logging method was called. In fact, no matter from which module I call the logging method, the resulting log says that the filename of the caller is: \tmp\python.2664\usr\lib\python2.3\logging\__init__.py (this seems to me like a reference to the logging module itself combined with...
8
1984
by: Steve Erickson | last post by:
I have a logger class that uses the Python logging module. When I call it within a program using the unittest module, I get one line in the log file for the first test, two identical ones for the second, etc. I'm using local variables, which should go out of context with each test. Setting the 'propagate' property to False doesn't have any affect. import logging, os, signal, sys from datetime import datetime
5
2066
by: jason | last post by:
I could sure use some conceptualization and query help with a Page Watch System I am building in Access 2000 and Asp. I need to cycle through databae and generate a compiliation query email that notifies a person of yacht(s) that have changed on our website: Key database tables ---------------------------------------------------------------------------- Customer (1) --->> (many) Customer_Boats (many)<<---- Boat (1)
2
4038
by: Arif Khan | last post by:
Hi, I want to write down a function entry point logging method, allowing logging of passed in parameters values along with function name and parameter names. I know I can get the parameter name and function name using System.Reflection or StackFrame but not sure if if it's possible to retreive runtime passed in actual parameter values in .net 1.1 ? e.g. class User { public string GetName(int userId)
0
2100
by: rajesh.hanchate | last post by:
Please help me in resolving this issue. I am using EnterpriseLibrary 2.0 Exception and logging block for logging exceptions to event log. It works fine for sometime. After some time it stops logging to event log. To make it active again I need to open the web.config and save without making any changes. It starts to work again. Here is the configuration I am using. <exceptionHandling>
18
2456
by: damezumari | last post by:
I would like to know how many of the visitors to my site has js enabled and how many has it turned off. I haven't found a simple solution searching Google groups so I suggest the following using php and mysql: Create a table mc_jscount table in mysql with two fields nonjs (int) and js (int). Create one record with nonjs and js set to zero. Put this code at the top of your page:
12
1915
by: Eric S. Johansson | last post by:
I need to to be able to conditionally log based on the method the log statement is in and one other factor like a log level. in order to do so, I need to be able to automatically find out the name of the method and its class but I haven't found out how to do that yet. for example, class catus(Felis): def Siamese_cat( yowl, purr, demand_food):
6
7573
by: Larry Bates | last post by:
Every time I look at the logging module (up until now) I've given up and continue to use my home-grown logger that I've been using for years. I'm not giving up this time ;-) I find that I REALLY need to be able to monitor LOTS of running programs/processes and thought it would be nice to have them use SocketHandler logging and then I would write TCPServer to accept the log messages for real-time monitoring. I Googled (is that now a...
1
2609
by: arunairs | last post by:
Hi, Using the EnterpriseLibrary 4.0, is it possible to Log the method name in the log file. I have it cofigured thus: <loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true"> <listeners>
0
7934
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8424
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
8069
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8286
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
6742
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5445
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
3912
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
3958
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1537
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.