471,595 Members | 1,594 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,595 software developers and data experts.

Prevent Multiple login in ASP.NET

Hi All,

I have to prevent multiple logins for the same user accessing at same time.
i.e. if xyz user is active, no other login should be allowed for the same
user ID.

I thought of saving active falg in databse. but when user closes browser or
anyhow regular logoff procedure is not called then that user will always be
in active state. So next time he will not be allowed to login.

Even Session_end() event will not occur if user will close the borwser.

Please help me if anyone has come accross the same problem.

Thanks
Bhavini
Nov 28 '06 #1
6 6066
Use the application cache with a sliding expiry of 5 minutes. At least this
way your user will be locked out for a maximum of 5 minutes. Additionally
I'd allow a duplicate login if it came from the same IP address.
Nov 28 '06 #2
Instead of preventing a 2nd login, just terminate the first one.
Nov 28 '06 #3
You could put a small hidden IFRAME in the page and when the window.unload
function occurs on the client, set the location to a page with undoes the
flag. Then on each page load redo it. It leaves you open to multiple logins
for a very small window but should catch when they close the browser.

I havent tried this myself as I normally talk people out of this requirement
when I tell them how much money will be spent or it.

--

Ciaran O''Donnell
http://wannabedeveloper.space.live.com
"Bhavini" wrote:
Hi All,

I have to prevent multiple logins for the same user accessing at same time.
i.e. if xyz user is active, no other login should be allowed for the same
user ID.

I thought of saving active falg in databse. but when user closes browser or
anyhow regular logoff procedure is not called then that user will always be
in active state. So next time he will not be allowed to login.

Even Session_end() event will not occur if user will close the borwser.

Please help me if anyone has come accross the same problem.

Thanks
Bhavini
Nov 28 '06 #4
"Bhavini" <Bh*****@discussions.microsoft.comwrote in message
news:A2**********************************@microsof t.com...
Even Session_end() event will not occur if user will close the borwser.
Yes it will, just not straightaway. The session will eventually time out
automatically according to the Timeout setting (20 minutes by default)
whereupon the Session_End() event will fire.
Nov 28 '06 #5
Thx for the reply.

But actually we are having webfarm scenario, so I dont think it will be
possible to use caching here. And another thing is, we cant bear the delay of
5 minutes. We should be able to login immediately once browser is closed.

Two scenarios I have in my mind
1) if we can catch browser close event and call logout process there. But I
am not sure how to catch browser close event.

2) In DB we can maintain Active/Inactive flag as well as SessionID for
partucular user. So when the same user is logging we can check that
particualr session is activ or not based on session ID. I guess session ID
should be unique.

"Peter Morris [Droopy eyes software]" wrote:
Use the application cache with a sliding expiry of 5 minutes. At least this
way your user will be locked out for a maximum of 5 minutes. Additionally
I'd allow a duplicate login if it came from the same IP address.
Nov 29 '06 #6
It is a bit pricey, but ScaleOut StateServer supports this
quite well. I love the ability to share session variables
across servers and across app domains across servers.

Very powerful.

http://www.eggheadcafe.com/articles/scaleout_server.asp

--
Robbe Morris - 2004-2006 Microsoft MVP C#
I've mapped the database to .NET class properties and methods to
implement an multi-layered object oriented environment for your
data access layer. Thus, you should rarely ever have to type the words
SqlCommand, SqlDataAdapter, or SqlConnection again.
http://www.eggheadcafe.com/articles/..._generator.asp

"Bhavini" <Bh*****@discussions.microsoft.comwrote in message
news:1E**********************************@microsof t.com...
Thx for the reply.

But actually we are having webfarm scenario, so I dont think it will be
possible to use caching here. And another thing is, we cant bear the delay
of
5 minutes. We should be able to login immediately once browser is closed.

Two scenarios I have in my mind
1) if we can catch browser close event and call logout process there. But
I
am not sure how to catch browser close event.

2) In DB we can maintain Active/Inactive flag as well as SessionID for
partucular user. So when the same user is logging we can check that
particualr session is activ or not based on session ID. I guess session ID
should be unique.

"Peter Morris [Droopy eyes software]" wrote:
>Use the application cache with a sliding expiry of 5 minutes. At least
this
way your user will be locked out for a maximum of 5 minutes.
Additionally
I'd allow a duplicate login if it came from the same IP address.
Nov 30 '06 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by James X. Li | last post: by
reply views Thread by XIAOLAOHU | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.