let users logon only once??

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I am trying to find out what's the best practice if you wan't to restrict users to logon just once on an asp.net app with forms authentication.

So If someone starts a new session he is not able to logon again. Also from another computer
What should I do, store it in a db or hold it in a application variable
The application has lots of users (>500). Storing it in a database is very expensive, but how does the application object handle it? Does someone has other suggestions

Thanx in advance ;-
 
how about using a cookie?

Like what some sites do now, such as asp.net etc. Once you log in they write
a cookie to the users machine and this prevents the user from having to log
in everytime they visit the site. But if they clear their cookies they will
have to log in again.



Victor said:
Hi,

I am trying to find out what's the best practice if you wan't to restrict
Click to expand...
users to logon just once on an asp.net app with forms authentication.
So If someone starts a new session he is not able to logon again. Also from another computer.
What should I do, store it in a db or hold it in a application variable.
The application has lots of users (>500). Storing it in a database is very
Click to expand...
expensive, but how does the application object handle it? Does someone has
other suggestions?
 
I store it in a database. One of the problems you will have to solve is
reliable logoff.

if the user exits the browser, then starts a new browser, and navigates
back, it will look like a second session to the server.

-- bruce (sqlwork.com)



Victor said:
Hi,

I am trying to find out what's the best practice if you wan't to restrict
Click to expand...
users to logon just once on an asp.net app with forms authentication.
So If someone starts a new session he is not able to logon again. Also from another computer.
What should I do, store it in a db or hold it in a application variable.
The application has lots of users (>500). Storing it in a database is very
Click to expand...
expensive, but how does the application object handle it? Does someone has
other suggestions?
 
Victor said:
Hi,

I am trying to find out what's the best practice if you wan't to restrict
Click to expand...
users to logon just once on an asp.net app with forms authentication.
So If someone starts a new session he is not able to logon again. Also from another computer.
What should I do, store it in a db or hold it in a application variable.
The application has lots of users (>500). Storing it in a database is very
Click to expand...
expensive, but how does the application object handle it? Does someone has
other suggestions?

Before you go to a lot of effort about this, make sure that you really need
the user to be logged on only once.

Also, be sure you know what you mean by, "only once". Do you mean once per
browser? Once per session? But the user can't see a session, so you may have
trouble there.

Also, what constitutes "logging off"?
 
Back
Top