Track a session user

Discussion in 'ASP .Net' started by tshad, Mar 4, 2005.

  1. tshad

    tshad Guest

    If I am using FormsAuthentication, is there a way to check who is logged in?

    I want to be able to check at any particular time, not just how many people
    are logged in, but who they are.

    One thing I want to do is not allow someone to log on from one browser and
    then log on again at the same time time from another browser. Or to prevent
    someone from using the same login at the same time.

    Thanks,

    Tom
     
    tshad, Mar 4, 2005
    #1
    1. Advertising

  2. tshad

    Sacha Korell Guest

    Hi Tom,

    I'm actually working on the same problem at this time and found some good
    articles:

    http://www.eggheadcafe.com/articles/20030416.asp
    http://www.eggheadcafe.com/articles/20030418.asp
    http://www.aspfree.com/index.php?option=content&task=view&id=2118

    All articles use a similar technique whereby you store the current user's id
    in application cache when they log in and remove it when they log out and it
    works fairly well.

    The only problem I have now is that my customer wants a user to be logged
    out of the system when he uses the same browser to navigate to a different
    website (without logging out). I other words, if the user navigates to a
    different website and uses the back button to get back to my application, he
    should have to log in again.

    Sacha


    "tshad" <> wrote in message
    news:%...
    > If I am using FormsAuthentication, is there a way to check who is logged
    > in?
    >
    > I want to be able to check at any particular time, not just how many
    > people are logged in, but who they are.
    >
    > One thing I want to do is not allow someone to log on from one browser and
    > then log on again at the same time time from another browser. Or to
    > prevent someone from using the same login at the same time.
    >
    > Thanks,
    >
    > Tom
    >
     
    Sacha Korell, Mar 4, 2005
    #2
    1. Advertising

  3. tshad

    tshad Guest

    "Sacha Korell" <> wrote in message
    news:...
    > Hi Tom,
    >
    > I'm actually working on the same problem at this time and found some good
    > articles:
    >
    > http://www.eggheadcafe.com/articles/20030416.asp
    > http://www.eggheadcafe.com/articles/20030418.asp
    > http://www.aspfree.com/index.php?option=content&task=view&id=2118
    >
    > All articles use a similar technique whereby you store the current user's
    > id in application cache when they log in and remove it when they log out
    > and it works fairly well.


    I'll read those.

    I also need to take into account when the session times out. I was looking
    at putting a variable in the Application (global.asax) and track that each
    time a person logs in. But I ran into problems about when do you take it
    out? What if the user never logs out? What about the time out I mentioned?
    I would need to know when to remove him. That's why I was looking at the
    FormsAuthentication, since that is being kept track of anyway.

    >
    > The only problem I have now is that my customer wants a user to be logged
    > out of the system when he uses the same browser to navigate to a different
    > website (without logging out). I other words, if the user navigates to a
    > different website and uses the back button to get back to my application,
    > he should have to log in again.


    That would be a problem for use also.

    Thanks,

    Tom
    >
    > Sacha
    >
    >
    > "tshad" <> wrote in message
    > news:%...
    >> If I am using FormsAuthentication, is there a way to check who is logged
    >> in?
    >>
    >> I want to be able to check at any particular time, not just how many
    >> people are logged in, but who they are.
    >>
    >> One thing I want to do is not allow someone to log on from one browser
    >> and then log on again at the same time time from another browser. Or to
    >> prevent someone from using the same login at the same time.
    >>
    >> Thanks,
    >>
    >> Tom
    >>

    >
    >
     
    tshad, Mar 4, 2005
    #3
  4. tshad

    bruce barker Guest

    FormsAuthentication and Session are not related. you can run one without the
    other and they perform different functions.

    FormsAuthentication stores a security token in a cookie, and sets it for a
    onetime browser session (the browser decides when to expire it).

    Session Managers store session data somewhere and store a key in a cookie.
    every page hit the cookie expire is updated. if you use the inproc session
    manager, it times out the session and releases the session data. in some
    cases the session manager may expire the data before the browser expires the
    cookie.

    as web sites are stateless, it hard to detect who is logged in or not. some
    problems you will run into trying to track logins:

    1) user navigates from site or closes browser - the server does not know
    this, you have to write client code to try to detect and inform the server.

    2) if the user creates a new browser window thru the file new window - it
    gets the same cookie, so the server does not know two browser are talking to
    it.

    3) due to nat firewall translation, the ipaddress of the client may change
    between page requests.

    4) an asp.net recycle clears data stored in Application and inproc sessions


    -- bruce (sqlwork.com)




    "tshad" <> wrote in message
    news:%...
    | If I am using FormsAuthentication, is there a way to check who is logged
    in?
    |
    | I want to be able to check at any particular time, not just how many
    people
    | are logged in, but who they are.
    |
    | One thing I want to do is not allow someone to log on from one browser and
    | then log on again at the same time time from another browser. Or to
    prevent
    | someone from using the same login at the same time.
    |
    | Thanks,
    |
    | Tom
    |
    |
     
    bruce barker, Mar 5, 2005
    #4
  5. tshad

    Sacha Korell Guest

    There's a time out variable in the samples that you can set. I set mine to
    the same as the session time out (20 min) so that they tome out at
    approximately the same time when the user doesn't do anything.

    Sacha



    "tshad" <> wrote in message
    news:e1X$...
    > "Sacha Korell" <> wrote in message
    > news:...
    >> Hi Tom,
    >>
    >> I'm actually working on the same problem at this time and found some good
    >> articles:
    >>
    >> http://www.eggheadcafe.com/articles/20030416.asp
    >> http://www.eggheadcafe.com/articles/20030418.asp
    >> http://www.aspfree.com/index.php?option=content&task=view&id=2118
    >>
    >> All articles use a similar technique whereby you store the current user's
    >> id in application cache when they log in and remove it when they log out
    >> and it works fairly well.

    >
    > I'll read those.
    >
    > I also need to take into account when the session times out. I was
    > looking at putting a variable in the Application (global.asax) and track
    > that each time a person logs in. But I ran into problems about when do
    > you take it out? What if the user never logs out? What about the time out
    > I mentioned? I would need to know when to remove him. That's why I was
    > looking at the FormsAuthentication, since that is being kept track of
    > anyway.
    >
    >>
    >> The only problem I have now is that my customer wants a user to be logged
    >> out of the system when he uses the same browser to navigate to a
    >> different website (without logging out). I other words, if the user
    >> navigates to a different website and uses the back button to get back to
    >> my application, he should have to log in again.

    >
    > That would be a problem for use also.
    >
    > Thanks,
    >
    > Tom
    >>
    >> Sacha
    >>
    >>
    >> "tshad" <> wrote in message
    >> news:%...
    >>> If I am using FormsAuthentication, is there a way to check who is logged
    >>> in?
    >>>
    >>> I want to be able to check at any particular time, not just how many
    >>> people are logged in, but who they are.
    >>>
    >>> One thing I want to do is not allow someone to log on from one browser
    >>> and then log on again at the same time time from another browser. Or to
    >>> prevent someone from using the same login at the same time.
    >>>
    >>> Thanks,
    >>>
    >>> Tom
    >>>

    >>
    >>

    >
    >
     
    Sacha Korell, Mar 5, 2005
    #5
  6. tshad

    tshad Guest

    "bruce barker" <> wrote in message
    news:%...
    > FormsAuthentication and Session are not related. you can run one without
    > the
    > other and they perform different functions.
    >
    > FormsAuthentication stores a security token in a cookie, and sets it for a
    > onetime browser session (the browser decides when to expire it).


    But is there a way to query those who were authenticated. I assume the
    expiration is set by the timeout value in the web.config file.


    >
    > Session Managers store session data somewhere and store a key in a cookie.
    > every page hit the cookie expire is updated. if you use the inproc session
    > manager, it times out the session and releases the session data. in some
    > cases the session manager may expire the data before the browser expires
    > the
    > cookie.


    Does this include postbacks?

    >
    > as web sites are stateless, it hard to detect who is logged in or not.
    > some
    > problems you will run into trying to track logins:
    >
    > 1) user navigates from site or closes browser - the server does not know
    > this, you have to write client code to try to detect and inform the
    > server.
    >
    > 2) if the user creates a new browser window thru the file new window - it
    > gets the same cookie, so the server does not know two browser are talking
    > to
    > it.
    >

    This is one of the problems I found with Mozilla (Netscape also, I assume).

    If I log on using FormsAuthentication, and open a new window (before I close
    the first one), I am now in both browsers. Very dangerous if you are trying
    to track and control data access.

    IE, doesn't do this. A new Browser has to log on again, even if there is
    already one open.

    > 3) due to nat firewall translation, the ipaddress of the client may change
    > between page requests.
    >
    > 4) an asp.net recycle clears data stored in Application and inproc
    > sessions


    I need to find out some way to track who is still around as we have a system
    that is set up on the concept of seats. Very difficult to handle if you
    don't know who is there (or is potentially there - as you say they could
    have closed their browser or left the site). If we allow 10 people access
    to certain areas of our site at one time, we need to know who is there.

    I know you can't know if someone leaves the site or just leaves turns their
    browser off. But if you have a timeout of 20 minutes, there should be some
    way of know who has been logged on in the last 20 minutes. I was hoping
    there was a way to see if a person was their by their sessions and if their
    sessions had expired, they are not there anymore.

    Tom
    >
    >
    > -- bruce (sqlwork.com)
    >
    >
    >
    >
    > "tshad" <> wrote in message
    > news:%...
    > | If I am using FormsAuthentication, is there a way to check who is logged
    > in?
    > |
    > | I want to be able to check at any particular time, not just how many
    > people
    > | are logged in, but who they are.
    > |
    > | One thing I want to do is not allow someone to log on from one browser
    > and
    > | then log on again at the same time time from another browser. Or to
    > prevent
    > | someone from using the same login at the same time.
    > |
    > | Thanks,
    > |
    > | Tom
    > |
    > |
    >
    >
     
    tshad, Mar 14, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John
    Replies:
    0
    Views:
    362
  2. Q.Z
    Replies:
    1
    Views:
    363
    bruce barker
    Jan 7, 2004
  3. =?iso-8859-1?Q?Bruno_Mendon=E7a?=

    Track Domain User Logons and Logoffs

    =?iso-8859-1?Q?Bruno_Mendon=E7a?=, Jun 3, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    4,908
    John Saunders
    Jun 4, 2004
  4. Alan Wang

    Keep track of Session value

    Alan Wang, Oct 28, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    437
    Peter Rilling
    Oct 28, 2005
  5. hokiegal99

    Using Loops to track user input

    hokiegal99, Jul 6, 2003, in forum: Python
    Replies:
    9
    Views:
    349
    Christos TZOTZIOY Georgiou
    Jul 21, 2003
Loading...

Share This Page