Stopping multiple logins in ASP.Net

  • Thread starter Thread starter Conformix Sales
  • Start date Start date
C

Conformix Sales

Any thought about how can I stop a user from logging into the application
multiple times. I am using forms authentication.
 
Quite a few methods come to mind. put the userIds in an arraylist and store
that in the application - looping through it and checking for an existing
entry whenever someone logs in. Update your database user table with a
field "isLoggedIn" and set it to true.

The problem with these methods is removing the user when he/she logs
out...it's simply if they explicitely log out, but if they simply close
their browser...you'd need to add a timestamp and clean it up routinely.

Karl
 
If I use a database table with a "isLoggedIn" field and set it to true on
user login, how do I add a timestamp and clean it up routinely?
 
Well, what I would do is add a second field "lastLoggedIn" as a datetime
and set it to getDate() at the same time you set the IsLoggedIn to true.

Before accepting a login from a user, if lastLoggedIn > 30 minutes (for
example), I would set isLoggedIn to false
then I would only accept logins from people who's isLoggedIn is false

You could make it even better and update the lastLoggedIn field for every
page hit...this would let you be far more responsive...you could change the
maximum login time to 5-10 minutes...depending on what type of application
you have and how often you expect users to hit a new page..

Karl
 
You'll always have that problem. That's wha tthe lastLoggedIn time is
for.....if they've been idle for 5 minutes, you can reset the account and
assume they simply closed their browser. You can also use javascript events
such as onbeforeunload in IE to work some magic...but I agree it'll always
be a problem...it's your only real solution though...

Karl
 
Thanks!

Karl Seguin said:
You'll always have that problem. That's wha tthe lastLoggedIn time is
for.....if they've been idle for 5 minutes, you can reset the account and
assume they simply closed their browser. You can also use javascript
events
such as onbeforeunload in IE to work some magic...but I agree it'll always
be a problem...it's your only real solution though...

Karl
 
May I know why you are not considering Session variables

kumar
 
Why dont you add the username to a session variable, like
Session["userName"] = "something"; Then keep checking the
existence of this session variable. Session has a fixed
timeout period. By default 20 minutes idle time, after
which all the session variables are cleared. So, this
saves you from multiple calls to database. Asp.Net take
care of session clearance, if the user closes the browser.

Kumar
 
how do I keep checking the existence of this session variable even if the
user closes the browser?

Kumar Reddi said:
Why dont you add the username to a session variable, like
Session["userName"] = "something"; Then keep checking the
existence of this session variable. Session has a fixed
timeout period. By default 20 minutes idle time, after
which all the session variables are cleared. So, this
saves you from multiple calls to database. Asp.Net take
care of session clearance, if the user closes the browser.

Kumar
-----Original Message-----
What do you mean?





.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top