Preventing same user from logging twice

[Karthik]

Hi,

I have a website running on ASP.Net on IIS 6.0. This website has more than
10000 users login everyday. At times the users login with the same user name
and password more than once at the same time.

I would like to prevent this from happening as it creates a huge problem at
the back end (SQL 2k).

I maintain all logins in a session to validate. For example if userid "xyz"
logs in, I maintain "xyz" in a session.

Is there any other way to traverse through all the session values? This way
I would be able to prevent "xyz" from logging in again, when he is already
logged in.

Can someone please help me as I am facing a lot of problem because of this?

Thank you.

Regards,
Kart

 

[Patrice]

IMO not easy. The easiest way I see would be to record at login time the
session id and to accept request only with this id. Note though that it
means that if someone logs in under an account, the currently connected
person will be unable to carry on its session.

If you do it the other way round (ie. keeping the session for the first
connected person) you'll ran into issues caused by the need to be able to
distinguish that the session expired...

Actually my first thought would be rather to see if the problem caused by
multiple sessions could be corrected. Generally this is when you associate
some temporary data with the user instead of associating these data with the
session (for example in a temp table you may want to use the sessionid
rather than the user id).

Patrice