How to do single sign on function


ºa¤Ö@¤½¥q

I need that when a user is logged in, his or her account is locked and no other
people can log in by using this account.
 

Aaron Bertrand [SQL Server MVP]

How is a user authenticated? Using a database? So mark his row as
"LoggedIn" and if the same user tries to log in during that time, refuse
them.

The danger is, how do you "clean up" these LoggedIn values if the user
doesn't purposely log out, e.g. trips on his power cord, or lets his session
time out, navigates to another web site, or just closes his browser?
 

ºa¤Ö@¤½¥q

Yes Aaron

That's what I'm concerned about now. I am using a database; however, I have no idea how to
"clean up" the field values if the user did not log out by the normal procedure....

Can I use session_onend in global.asa?
Or write some stored procedure or function inside SQL Server and run it
on a schedule?

Thanks
 

AF

That's what I'm concerned about now. I am using a database; however, I have no idea how to
"clean up" the field values if the user did not log out by the normal procedure....
Can I use session_onend in global.asa?
Or write some stored procedure or function inside SQL Server and run it
on a schedule?

Hi there,

In addition to the 'is_loggedin' attribute, you can add a 'last_request' datetime
value. Each time the user sends a request to the server, this field is updated.

Regularly, for example every 20 minutes, simply run a background check to
detect who didn't send any request during the last timeout delay. You'll know
who didn't click the 'Logoff' button and if you've time enough to lose, you can
even send a tip "how to quit" to those users ; )

About the persistence mechanism... I suggested a database but you could
also store it in a simple Application-wide variable, as this information is clearly
designed to be reset after an application start.

Antonio
 

AF

I need that when a user is logged in, his or her account is locked and no other
people can log in by using this account.

I forgot to mention: what you want is not called single sign-on. SSO is the
mechanism which allows you to access resources located in different places
or under different systems through a single authentication process.

Example of an SSO mechanism:
- a corporate user authenticates through the AD/W2k login screen
- he/she has access to the collaborative intranet portal without
needing to log in a second time, although he's browsing the service
through his Windows identity.

What you're looking for is a measure to prevent "session hijacking" or
attacks.

Hope it will help you if you try googling around ; )

Antonio
 

larrybud2002

ºa¤Ö@¤½¥q said:
I need that when a user is logged in, his or her account is locked and no other
people can log in by using this account.

What I do on our intranet applications is keep the session ID of the
LAST logged in session for a particular ID in a database, and check to
see if it matches each time a page refreshes. If it doesn't match, I
redirect them to the login page.

So basically, whatever session logged in last wins, so a user
could go from terminal to terminal and still log in under his account.
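
One way to combine the two suggestions above, the per-request session-ID check where the newest login wins and the last_request timestamp with a scheduled cleanup, as an added example that is not code from any poster in this thread. It assumes Python with an in-memory SQLite table standing in for the SQL Server user table; the table, column and function names and the 20-minute timeout constant are hypothetical.

```python
import hmac
import secrets
import sqlite3

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value, mirrors the 20-minute check


def open_store():
    """In-memory SQLite stand-in for the application's user/session table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE active_session ("
               "username TEXT PRIMARY KEY, session_id TEXT NOT NULL, "
               "last_request REAL NOT NULL)")
    return db


def login(db, username, now):
    """Call only after the password check succeeds. The newest login wins:
    any session ID previously stored for this user is overwritten."""
    session_id = secrets.token_urlsafe(32)  # unguessable, not a counter
    db.execute("INSERT OR REPLACE INTO active_session VALUES (?, ?, ?)",
               (username, session_id, now))
    return session_id


def logout(db, username):
    db.execute("DELETE FROM active_session WHERE username = ?", (username,))


def check_request(db, username, session_id, now):
    """Run on every page request. True: proceed. False: redirect to login."""
    row = db.execute("SELECT session_id, last_request FROM active_session "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    stored_id, last_request = row
    if not hmac.compare_digest(stored_id.encode(), session_id.encode()):
        return False  # a newer login replaced this session
    if now - last_request > IDLE_TIMEOUT:
        logout(db, username)  # closed browser, power loss, walked away
        return False
    db.execute("UPDATE active_session SET last_request = ? WHERE username = ?",
               (now, username))
    return True


def purge_idle(db, now):
    """Scheduled cleanup: delete rows with no request inside the timeout."""
    cur = db.execute("DELETE FROM active_session WHERE last_request < ?",
                     (now - IDLE_TIMEOUT,))
    return cur.rowcount
```

Because the idle check also runs inside `check_request`, a stale row never blocks or admits anyone even if the scheduled `purge_idle` job is late; the job only keeps the table small.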
 
