How to reject the same user to login twice by using Session?

Guest

Hi

I have a web application using asp.net and c#. A user has to log in to the application with his username and pwd. However, I do not want to allow another user to log in with the same username and pwd, i.e. one login ID cannot be used twice unless the logged-in user's session has expired or he has exited the system and terminated the session (Session.Clear();).

Here is the C# code in my login cs file

[code]
protected System.Web.UI.WebControls.TextBox username;
protected System.Web.UI.WebControls.TextBox pwd;
protected System.Web.UI.WebControls.Label label;

private void ImageButton_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    int result; // renamed from "e", which clashed with the event-args parameter
    User obj = null; // User is a class
    try
    {
        obj = new User();
        result = obj.Login(this.username.Text, this.pwd.Text);

        switch (result)
        {
            case User.LOGINOK:
                // I created a session here after verifying there is such a user in the DB. But if another user tries to log in with this same username and pwd, how can I check that the session has not expired and prevent him from logging in?
                Session["LoggedUser"] = obj;
                Response.Redirect("webapplication/default.aspx", true);
                break;

            default:
                this.label.Text = "Wrong user name or pwd";
                break;
        }
    }
    catch (System.Exception)
    {
        // The post does not show its error handling; rethrow so failures are not hidden.
        throw;
    }
}
[/code]

The session name "LoggedUser" in Session["LoggedUser"] has to be constant because this session name will be used to check whether the user has logged in before viewing the web pages in the application.

Or do I need to create a session login table in the DB to insert and update a user's login status?
Or can I just edit the above code to perform the same function?

Can anyone suggest a sound solution?

Thanks for help
 
Brad Williams

Tom said:
Or, I need to create a session login table in DB to insert and update a
user's login status?

That's a proven approach to limit one session at a time per account. But
what are you going to do, lock out a user while they still have a session
live? What if they log in, then close their browser -- they can't log in
again for 20 minutes while the old session times out?! An alternative is to
have each login override any existing session, thus last browser to log in
with a certain username wins.

Brad Williams
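
The "last login wins" alternative described in the reply above, as an added example that is not part of the original thread. `SingleSessionRegistry` and its members are hypothetical names; the in-memory dictionary stands in for the session login table, and a single web server is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical helper (not from the thread): one active token per username.
public sealed class SingleSessionRegistry
{
    private sealed class Entry { public string Token; public DateTime LastSeenUtc; }

    private readonly Dictionary<string, Entry> _active =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly object _lock = new object();
    private readonly TimeSpan _idleTimeout;

    public SingleSessionRegistry(TimeSpan idleTimeout) { _idleTimeout = idleTimeout; }

    // Call after the password check succeeds. Returns a fresh random token to keep
    // in Session; any token issued earlier for this username stops validating.
    public string RegisterLogin(string username, DateTime nowUtc)
    {
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        lock (_lock) { _active[username] = new Entry { Token = token, LastSeenUtc = nowUtc }; }
        return token;
    }

    // Call on every request. False means this browser was displaced or idled out.
    public bool IsCurrent(string username, string token, DateTime nowUtc)
    {
        lock (_lock)
        {
            if (!_active.TryGetValue(username, out Entry e)) return false;
            if (nowUtc - e.LastSeenUtc > _idleTimeout) { _active.Remove(username); return false; }
            if (!string.Equals(e.Token, token, StringComparison.Ordinal)) return false;
            e.LastSeenUtc = nowUtc; // sliding expiry, like the ASP.NET session timeout
            return true;
        }
    }

    // Call from the logout handler; only the current holder may clear the entry.
    public void Logout(string username, string token)
    {
        lock (_lock)
        {
            if (_active.TryGetValue(username, out Entry e) && e.Token == token) _active.Remove(username);
        }
    }
}
```

After a successful `obj.Login(...)`, store the returned token in Session next to `Session["LoggedUser"]` and call `IsCurrent` at the start of each request; when it returns false, call `Session.Abandon()` and redirect to the login page.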
 
Guest

lock out a user while they still have a session live? NO, prevent other login while the user logged in.

What if they log in, then close their browser -- they can't log in again for 20 minutes while the old session times out?
Can the session be terminated once the browser closed?

An alternative is to have each login override any existing session, thus last browser to log in with a certain username wins.

Any sample code or online tutorial?
 
Peter Bromberg [C# MVP]

Here's a solution I wrote about some time ago, hope it's useful. There are
many ways to "skin a session"..

http://www.eggheadcafe.com/articles/20030418.asp

Peter

Tom said:
lock out a user while they still have a session live? NO, prevent other
login while the user logged in.
What if they log in, then close their browser -- they can't log in again
for 20 minutes while the old session times out?
Can the session be terminated once the browser closed?

An alternative is to have each login override any existing session, thus
last browser to log in with a certain username wins.
 
