Single login

[John Baima]

I want to be able to restirct my site to one login at a time per
userid. I have read some good solutions to avoid a second login:

http://www.aspfree.com/c/a/ASP.NET/Preventing-Simultaneous-Logons/

http://www.eggheadcafe.com/articles/20030416.asp

http://www.eggheadcafe.com/articles/20030418.asp

But what I would really like to do is to kick the old user off and let
the new login on. This seems like a much more normal situation. A user
is using the web site on a desktop, and then leaves and logs on with
an iPhone. Do I want to keep him off the iPhone until the old session
expires, or allow the iPhone and kill the desktop session?

Any suggestions about how to do that? If I know the session id, can I
do the equivalent of Session.Abandon() and Session.Redirect() to
another session outside of the current session? Can I send a message
to another session based on the session id?

Thanks!

-John

John Baima

 

[John Baima]

This sort of thing is diametrically opposed to the whole multi-user nature
of the web. Sounds like a web application is the wrong solution for your
requirements...

No, it definitely is the right way to do it. The web is good for lots
of different things. I don't think that there is any permanent "nature
of the web." It is what we make it to be.

The problem is that the content site is disconnected from the payment
site so people could share their login and give away content without
risking any personal information.

Not directly, because sessions are not available externally. You would need
to write a record to a database when the new session is created, and code
your web app to look for records in a database Message table at regular
intervals.

I would suggest that you re-think your solution...

Thanks, I have re-thought the solution and it is quite easy! When I
log in, I will write the datetime to the login log and to a session
var. When I am refreshing the page (I don't care if it is just sitting
there), I check for a newer login for that userid. That's pretty
simple.

Cheers! -John

John Baima

 

[Mike Gleason jr Couturier]

But what I would really like to do is to kick the old user off and let
the new login on.

If you don't have a lot of sim. users you could use the Application data
structure.

When logging in, you store something unique in the global structure (can be
a date, can be the MD5 of something unique) and in the user's session :

DateTime d = DateTime.Now;
Application[myUserId] = d;
Session["cookie"] = d;

DateTime d = (DateTime)Session["cookie"];
int userId = (int)Session["userid"];
if ((DateTime)Application[userid] != d)
log off user... someone else logged in

I wrote the code off my head without validations and assuming certains
things... it would not work but you get the idea.

Again, maybe it would consume too much memory.. you could implement that in
a DB..

My 2 cents