Stopping multiple logins in ASP.Net

  • Thread starter Conformix Sales
  • Start date
C

Conformix Sales

Any thought about how can I stop a user from logging into the application
multiple times. I am using forms authentication.
 
K

Karl Seguin

Quite a few methods come to mind. put the userIds in an arraylist and store
that in the application - looping through it and checking for an existing
entry whenever someone logs in. Update your database user table with a
field "isLoggedIn" and set it to true.

The problem with these methods is removing the user when he/she logs
out...it's simply if they explicitely log out, but if they simply close
their browser...you'd need to add a timestamp and clean it up routinely.

Karl
 
L

Leon

If I use a database table with a "isLoggedIn" field and set it to true on
user login, how do I add a timestamp and clean it up routinely?
 
K

Karl Seguin

Well, what I would do is add a second field "lastLoggedIn" as a datetime
and set it to getDate() at the same time you set the IsLoggedIn to true.

Before accepting a login from a user, if lastLoggedIn > 30 minutes (for
example), I would set isLoggedIn to false
then I would only accept logins from people who's isLoggedIn is false

You could make it even better and update the lastLoggedIn field for every
page hit...this would let you be far more responsive...you could change the
maximum login time to 5-10 minutes...depending on what type of application
you have and how often you expect users to hit a new page..

Karl
 
K

Karl Seguin

You'll always have that problem. That's wha tthe lastLoggedIn time is
for.....if they've been idle for 5 minutes, you can reset the account and
assume they simply closed their browser. You can also use javascript events
such as onbeforeunload in IE to work some magic...but I agree it'll always
be a problem...it's your only real solution though...

Karl
 
L

Leon

Thanks!

Karl Seguin said:
You'll always have that problem. That's wha tthe lastLoggedIn time is
for.....if they've been idle for 5 minutes, you can reset the account and
assume they simply closed their browser. You can also use javascript
events
such as onbeforeunload in IE to work some magic...but I agree it'll always
be a problem...it's your only real solution though...

Karl
 
K

Kumar Reddi

Why dont you add the username to a session variable, like
Session["userName"] = "something"; Then keep checking the
existence of this session variable. Session has a fixed
timeout period. By default 20 minutes idle time, after
which all the session variables are cleared. So, this
saves you from multiple calls to database. Asp.Net take
care of session clearance, if the user closes the browser.

Kumar
 
L

Leon

how do I keep checking the existence of this session variable even if the
user closes the browser?

Kumar Reddi said:
Why dont you add the username to a session variable, like
Session["userName"] = "something"; Then keep checking the
existence of this session variable. Session has a fixed
timeout period. By default 20 minutes idle time, after
which all the session variables are cleared. So, this
saves you from multiple calls to database. Asp.Net take
care of session clearance, if the user closes the browser.

Kumar
-----Original Message-----
What do you mean?





.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,734
Messages
2,569,441
Members
44,832
Latest member
GlennSmall

Latest Threads

Top