Keeping track of users LogIn

Discussion in 'ASP .Net' started by Eric S, Mar 2, 2010.

  1. Eric S

    Eric S Guest

    Hi All,

    When I create a credential for users to log in, I can not allow them to log
    in more then 2 different computers. Otherwise the user can provide the
    Credential for 20 different people and will try hammer the server.

    If user A logged in I can update a flag in a table called MemberInfo and
    when he/she Logged out I can reset that flag and also have a counter of the
    numbers of logins.... Or even can update the time he/she logged in.

    a)
    Problem is what happens when he closed the browser and did not log out?

    b)
    If the browser is crashed then there is no way for me to update the flag.

    How would you handle this kind of situation?
    Appreciate some code / Ideas.

    Thanks,

    Eric
     
    Eric S, Mar 2, 2010
    #1
    1. Advertising

  2. Eric S

    Andy O'Neill Guest

    "Eric S" <> wrote in message
    news:...
    > Hi All,
    >
    > When I create a credential for users to log in, I can not allow them to
    > log in more then 2 different computers. Otherwise the user can provide the
    > Credential for 20 different people and will try hammer the server.
    >
    > If user A logged in I can update a flag in a table called MemberInfo and
    > when he/she Logged out I can reset that flag and also have a counter of
    > the numbers of logins.... Or even can update the time he/she logged in.
    >
    > a)
    > Problem is what happens when he closed the browser and did not log out?
    >
    > b)
    > If the browser is crashed then there is no way for me to update the flag.
    >
    > How would you handle this kind of situation?
    > Appreciate some code / Ideas.
    >
    > Thanks,
    >
    > Eric
    >


    Intranet or web?

    On an intranet you could use the user's windows credentials.
    Either way, take a look at the membership provider.
     
    Andy O'Neill, Mar 2, 2010
    #2
    1. Advertising

  3. On 2 Mrz., 19:58, "Eric S" <> wrote:
    > Hi All,
    >
    > When I create a credential for users to log in, I can not  allow them to log
    > in more then 2 different computers. Otherwise the user can provide the
    > Credential for 20 different people and will try hammer the server.
    >
    > If user A logged in I can update a flag in a table called MemberInfo and
    > when he/she  Logged out I can reset that flag and also have a counter of the
    > numbers of logins.... Or even can update the time he/she logged in.
    >
    > a)
    > Problem is what happens when he closed the browser and did not log out?
    >
    > b)
    > If the browser is crashed then there is no way for me to update the flag.
    >
    > How would you handle this kind of situation?
    > Appreciate some code / Ideas.
    >
    > Thanks,
    >
    > Eric


    Consider another approach. For example, using client's IP address. On
    login you can keep the IP and time in MemberInfo. After that this
    information could be used to check if you could allow a logon or not.
    If the same IP, then user is valid. If a different IP within say 20
    minutes of the last use on another address then you must apply the
    lockout rule.

    This will not work if users coming out of the same router (e.g.
    corporate proxy) - they all will have the same IP address. You may
    also wish to save a short period encypted cookie to provide a session
    marker upon logon.
     
    Alexey Smirnov, Mar 2, 2010
    #3
  4. On 2 Mrz., 19:58, "Eric S" <> wrote:
    > Hi All,
    >
    > When I create a credential for users to log in, I can not  allow them to log
    > in more then 2 different computers. Otherwise the user can provide the
    > Credential for 20 different people and will try hammer the server.
    >
    > If user A logged in I can update a flag in a table called MemberInfo and
    > when he/she  Logged out I can reset that flag and also have a counter of the
    > numbers of logins.... Or even can update the time he/she logged in.
    >
    > a)
    > Problem is what happens when he closed the browser and did not log out?
    >
    > b)
    > If the browser is crashed then there is no way for me to update the flag.
    >
    > How would you handle this kind of situation?
    > Appreciate some code / Ideas.
    >
    > Thanks,
    >
    > Eric


    One more tip
    http://teknohippy.net/2008/08/21/stopping-aspnet-concurrent-logins/
     
    Alexey Smirnov, Mar 2, 2010
    #4
  5. Eric S

    Eric S Guest

    Hi Alexey,

    Thanks for the reply it is informative...
    Any suggested code (or blog somewhere) is also appreciated.

    Regards,

    Eric

    "Alexey Smirnov" <> wrote in message
    news:...
    On 2 Mrz., 19:58, "Eric S" <> wrote:
    > Hi All,
    >
    > When I create a credential for users to log in, I can not allow them to
    > log
    > in more then 2 different computers. Otherwise the user can provide the
    > Credential for 20 different people and will try hammer the server.
    >
    > If user A logged in I can update a flag in a table called MemberInfo and
    > when he/she Logged out I can reset that flag and also have a counter of
    > the
    > numbers of logins.... Or even can update the time he/she logged in.
    >
    > a)
    > Problem is what happens when he closed the browser and did not log out?
    >
    > b)
    > If the browser is crashed then there is no way for me to update the flag.
    >
    > How would you handle this kind of situation?
    > Appreciate some code / Ideas.
    >
    > Thanks,
    >
    > Eric


    Consider another approach. For example, using client's IP address. On
    login you can keep the IP and time in MemberInfo. After that this
    information could be used to check if you could allow a logon or not.
    If the same IP, then user is valid. If a different IP within say 20
    minutes of the last use on another address then you must apply the
    lockout rule.

    This will not work if users coming out of the same router (e.g.
    corporate proxy) - they all will have the same IP address. You may
    also wish to save a short period encypted cookie to provide a session
    marker upon logon.
     
    Eric S, Mar 2, 2010
    #5
  6. Eric S

    Eric S Guest

    Thanks Alexey and that's takes care of it.

    "Alexey Smirnov" <> wrote in message
    news:...
    On 2 Mrz., 19:58, "Eric S" <> wrote:
    > Hi All,
    >
    > When I create a credential for users to log in, I can not allow them to
    > log
    > in more then 2 different computers. Otherwise the user can provide the
    > Credential for 20 different people and will try hammer the server.
    >
    > If user A logged in I can update a flag in a table called MemberInfo and
    > when he/she Logged out I can reset that flag and also have a counter of
    > the
    > numbers of logins.... Or even can update the time he/she logged in.
    >
    > a)
    > Problem is what happens when he closed the browser and did not log out?
    >
    > b)
    > If the browser is crashed then there is no way for me to update the flag.
    >
    > How would you handle this kind of situation?
    > Appreciate some code / Ideas.
    >
    > Thanks,
    >
    > Eric


    One more tip
    http://teknohippy.net/2008/08/21/stopping-aspnet-concurrent-logins/
     
    Eric S, Mar 2, 2010
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John
    Replies:
    0
    Views:
    369
  2. Utter Newbie
    Replies:
    0
    Views:
    478
    Utter Newbie
    Jul 28, 2003
  3. =?Utf-8?B?dHBlcnJp?=
    Replies:
    4
    Views:
    2,026
    =?Utf-8?B?Rng=?=
    Jul 12, 2005
  4. Anders Steinlein

    Keeping track of online users

    Anders Steinlein, Apr 20, 2004, in forum: Java
    Replies:
    0
    Views:
    376
    Anders Steinlein
    Apr 20, 2004
  5. Jack
    Replies:
    1
    Views:
    135
    dNagel
    Feb 24, 2006
Loading...

Share This Page