Preventing concurrent logins - Classic ASP

B

BenM

Description:
I would like to prevent a user from logging in with their user/password
combination on a different computer or even a different browser window, if
they are already logged in. I have a login page, from which I use a DB check
to verify user/password info. Also, I have a bit loggedIN field in the DB,
which I use to see if they are currently logged in; if so, I prevent them
from logging in a second time.

Problem:
Unless they click the "Log Out" button, then the DB value does not get
changed. Any suggestions as to how I can log them out, even if they simply
close the browser window or jump to a different page?

Thanks in advance!
 
M

Mark Schupp

1. Put a timestamp in the database and update it with every page hit. Then
you can have the login "time out"

2. At login time, give the user the option to cancel the pre-existing
session if one exists. You'll need to keep a unique "logged on" identifier
instead of a simple flag to block the previous session if an attempt is made
to re-use it.
 
L

larrybud2002

BenM said:
Description:
I would like to prevent a user from logging in with their user/password
combination on a different computer or even a different browser window, if
they are already logged in. I have a login page, from which I use a DB check
to verify user/password info. Also, I have a bit loggedIN field in the DB,
which I use to see if they are currently logged in; if so, I prevent them
from logging in a second time.

Problem:
Unless they click the "Log Out" button, then the DB value does not get
changed. Any suggestions as to how I can log them out, even if they simply
close the browser window or jump to a different page?
Click to expand...

Here's what I do: I have a table that contains the user ID,
application ID (which is just an identifier to the different apps we
have) an session ID.

Then the user logs in, those fields are populated. Every time a page
loads we have a toolbar that is included on each page. That page then
checks the current session ID against the database. IF it doesn't
match, I send them to a page which says "You can only be logged into
the application in one browser at a time"... or something like that.

So what ends up happening is that whatever browser session logs in
last, that's the valid session. That way someone could leave their
desk, go to another workstation, and still be able to log into their
account.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Limit multiple concurrent logins/ accesses to one tab 0
Classic ASP, CDO.Message, and Server2012 0
Asynchronous Logins 8
Classic ASP ASPSessionID cookie HTTPOnly 4
prevent duplicate logins 2
Preventing Multiple Logins 1
Concurrent Containers 45

Members online

Total: 37 (members: 4, guests: 33)
Robots: 442

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,050
Latest member
AngelS122

Latest Threads

Top