If I am using FormsAuthentication, is there a way to check who is logged in?
I want to be able to check at any particular time, not just how many people
are logged in, but who they are.
One thing I want to do is not allow someone to log on from one browser and
then log on again at the same time time from another browser. Or to prevent
someone from using the same login at the same time.
Thanks,
Tom
5  3683 
Hi Tom,
I'm actually working on the same problem at this time and found some good
articles: http://www.eggheadcafe.com/articles/20030416.asp http://www.eggheadcafe.com/articles/20030418.asp http://www.aspfree.com/index.php?opt...k=view&id=2118
All articles use a similar technique whereby you store the current user's id
in application cache when they log in and remove it when they log out and it
works fairly well.
The only problem I have now is that my customer wants a user to be logged
out of the system when he uses the same browser to navigate to a different
website (without logging out). I other words, if the user navigates to a
different website and uses the back button to get back to my application, he
should have to log in again.
Sacha
"tshad" <ts**********@ftsolutions.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... If I am using FormsAuthentication, is there a way to check who is logged
in?
I want to be able to check at any particular time, not just how many
people are logged in, but who they are.
One thing I want to do is not allow someone to log on from one browser and
then log on again at the same time time from another browser. Or to
prevent someone from using the same login at the same time.
Thanks,
Tom
"Sacha Korell" <ko****@huntsville.sparta.com> wrote in message
news:eb**************@TK2MSFTNGP14.phx.gbl... Hi Tom,
I'm actually working on the same problem at this time and found some good
articles:
http://www.eggheadcafe.com/articles/20030416.asp
http://www.eggheadcafe.com/articles/20030418.asp
http://www.aspfree.com/index.php?opt...k=view&id=2118
All articles use a similar technique whereby you store the current user's
id in application cache when they log in and remove it when they log out
and it works fairly well.
I'll read those.
I also need to take into account when the session times out. I was looking
at putting a variable in the Application (global.asax) and track that each
time a person logs in. But I ran into problems about when do you take it
out? What if the user never logs out? What about the time out I mentioned?
I would need to know when to remove him. That's why I was looking at the
FormsAuthentication, since that is being kept track of anyway.
The only problem I have now is that my customer wants a user to be logged
out of the system when he uses the same browser to navigate to a different
website (without logging out). I other words, if the user navigates to a
different website and uses the back button to get back to my application,
he should have to log in again.
That would be a problem for use also.
Thanks,
Tom
Sacha
"tshad" <ts**********@ftsolutions.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... If I am using FormsAuthentication, is there a way to check who is logged
in?
I want to be able to check at any particular time, not just how many
people are logged in, but who they are.
One thing I want to do is not allow someone to log on from one browser
and then log on again at the same time time from another browser. Or to
prevent someone from using the same login at the same time.
Thanks,
Tom
FormsAuthentication and Session are not related. you can run one without the
other and they perform different functions.
FormsAuthentication stores a security token in a cookie, and sets it for a
onetime browser session (the browser decides when to expire it).
Session Managers store session data somewhere and store a key in a cookie.
every page hit the cookie expire is updated. if you use the inproc session
manager, it times out the session and releases the session data. in some
cases the session manager may expire the data before the browser expires the
cookie.
as web sites are stateless, it hard to detect who is logged in or not. some
problems you will run into trying to track logins:
1) user navigates from site or closes browser - the server does not know
this, you have to write client code to try to detect and inform the server.
2) if the user creates a new browser window thru the file new window - it
gets the same cookie, so the server does not know two browser are talking to
it.
3) due to nat firewall translation, the ipaddress of the client may change
between page requests.
4) an asp.net recycle clears data stored in Application and inproc sessions
-- bruce (sqlwork.com)
"tshad" <ts**********@ftsolutions.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
| If I am using FormsAuthentication, is there a way to check who is logged
in?
|
| I want to be able to check at any particular time, not just how many
people
| are logged in, but who they are.
|
| One thing I want to do is not allow someone to log on from one browser and
| then log on again at the same time time from another browser. Or to
prevent
| someone from using the same login at the same time.
|
| Thanks,
|
| Tom
|
|
There's a time out variable in the samples that you can set. I set mine to
the same as the session time out (20 min) so that they tome out at
approximately the same time when the user doesn't do anything.
Sacha
"tshad" <ts**********@ftsolutions.com> wrote in message
news:e1**************@TK2MSFTNGP15.phx.gbl... "Sacha Korell" <ko****@huntsville.sparta.com> wrote in message
news:eb**************@TK2MSFTNGP14.phx.gbl... Hi Tom,
I'm actually working on the same problem at this time and found some good
articles:
http://www.eggheadcafe.com/articles/20030416.asp
http://www.eggheadcafe.com/articles/20030418.asp
http://www.aspfree.com/index.php?opt...k=view&id=2118
All articles use a similar technique whereby you store the current user's
id in application cache when they log in and remove it when they log out
and it works fairly well.
I'll read those.
I also need to take into account when the session times out. I was
looking at putting a variable in the Application (global.asax) and track
that each time a person logs in. But I ran into problems about when do
you take it out? What if the user never logs out? What about the time out
I mentioned? I would need to know when to remove him. That's why I was
looking at the FormsAuthentication, since that is being kept track of
anyway.
The only problem I have now is that my customer wants a user to be logged
out of the system when he uses the same browser to navigate to a
different website (without logging out). I other words, if the user
navigates to a different website and uses the back button to get back to
my application, he should have to log in again.
That would be a problem for use also.
Thanks,
Tom
Sacha
"tshad" <ts**********@ftsolutions.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... If I am using FormsAuthentication, is there a way to check who is logged
in?
I want to be able to check at any particular time, not just how many
people are logged in, but who they are.
One thing I want to do is not allow someone to log on from one browser
and then log on again at the same time time from another browser. Or to
prevent someone from using the same login at the same time.
Thanks,
Tom
"bruce barker" <no***********@safeco.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl... FormsAuthentication and Session are not related. you can run one without
the
other and they perform different functions.
FormsAuthentication stores a security token in a cookie, and sets it for a
onetime browser session (the browser decides when to expire it).
But is there a way to query those who were authenticated. I assume the
expiration is set by the timeout value in the web.config file.
Session Managers store session data somewhere and store a key in a cookie.
every page hit the cookie expire is updated. if you use the inproc session
manager, it times out the session and releases the session data. in some
cases the session manager may expire the data before the browser expires
the
cookie.
Does this include postbacks?
as web sites are stateless, it hard to detect who is logged in or not.
some
problems you will run into trying to track logins:
1) user navigates from site or closes browser - the server does not know
this, you have to write client code to try to detect and inform the
server.
2) if the user creates a new browser window thru the file new window - it
gets the same cookie, so the server does not know two browser are talking
to
it.
This is one of the problems I found with Mozilla (Netscape also, I assume).
If I log on using FormsAuthentication, and open a new window (before I close
the first one), I am now in both browsers. Very dangerous if you are trying
to track and control data access.
IE, doesn't do this. A new Browser has to log on again, even if there is
already one open.
3) due to nat firewall translation, the ipaddress of the client may change
between page requests.
4) an asp.net recycle clears data stored in Application and inproc
sessions
I need to find out some way to track who is still around as we have a system
that is set up on the concept of seats. Very difficult to handle if you
don't know who is there (or is potentially there - as you say they could
have closed their browser or left the site). If we allow 10 people access
to certain areas of our site at one time, we need to know who is there.
I know you can't know if someone leaves the site or just leaves turns their
browser off. But if you have a timeout of 20 minutes, there should be some
way of know who has been logged on in the last 20 minutes. I was hoping
there was a way to see if a person was their by their sessions and if their
sessions had expired, they are not there anymore.
Tom
-- bruce (sqlwork.com)
"tshad" <ts**********@ftsolutions.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
| If I am using FormsAuthentication, is there a way to check who is logged
in?
|
| I want to be able to check at any particular time, not just how many
people
| are logged in, but who they are.
|
| One thing I want to do is not allow someone to log on from one browser
and
| then log on again at the same time time from another browser. Or to
prevent
| someone from using the same login at the same time.
|
| Thanks,
|
| Tom
|
|
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: marslee |
last post by:
I want to prevent non-registered users to view a page in my website,
For example, when a non-registered user clicks the history page, the
website site refuses to go there since he is not...
|
by: d.schulz81 |
last post by:
Hi all,
We have about 10 different domains that are linked very closely and we
want to identify and keep track of every single user that surfs our
websites by the use of sessions.
The problem...
|
by: |
last post by:
(subject included - apologies)
<jason@catamaranco.com> wrote in message news:...
> Is there a simple way to track users leaving our site to vendors whose
wares
> we have advertised as a banner...
|
by: Colin Steadman |
last post by:
Suppose you have a site structure that looks like this:
|--Countries.asp
| |
|--Region.asp
| |
|--Cities.asp
| |
|--Population.asp
|
by: RR |
last post by:
We have cards that are numbered consecutively. These cards are given out to
different people in different sized batches. One group might get 5, the
next group might get 20.
What is a good...
|
by: Alan Wang |
last post by:
Hi there,
Once my application gets complicated and complicated. I found it's really
hard to keep track of Session value I am using in my asp.net application. I
am just wondering if anyone have...
|
by: andrea |
last post by:
Which is the best way to track the number of the user currently logged into
a web site?
I've some idea on mind, but I want to compare with you.
One could be to increment a session variable on...
|
by: johnny |
last post by:
hi all!
I am starting to study the best way to track site visitors.
Logfiles stats which come with every web hosting, have little metrics
to be analyzed and also problems with cached pages which...
|
by: Mitul |
last post by:
Hello everybody,
I am developing a community site and almost all works are competed.
There is major issue that I am facing is how to track user's online
status. I am using session data to save...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
