|
restrict multiple user logins with same username -- karnati --
hi all what is the best way to restrict multiple logins with same username thanks in advance karnati |
|
-- "Bradley, Peter" --
Don't know about the best way, but one obvious way is to have a Boolean column in the table that holds user credentials, called LoggedIn (or something). Set it to True when the user logs in, and set it to False on logout (or Session timeout). Check this field during authentication. HTH Peter -----Original Message----- From: DotNetDevelopment restrict multiple user logins with same username hi all what is the best way to restrict multiple logins with same username thanks in advance karnati |
|
-- Raj --
Peter, What would happen if user close the browser without logging out ! ..... Raj |
|
-- "Bradley, Peter" --
I'm not sure if the session would immediately close (i.e. I don't remember if this immediately generates a Session_End event) - but it would eventually time out. The exact length of time this will take would depend on what you set the session timeout to. The default is 20 minutes, IIRC. So you put code in the Session_End handler in Global.asax. But anyway, if they've closed their browser it shouldn't be a problem except that they'll have to wait until their old session times out before logging in again. You could provide a message, displayed when their login fails, that tells them to try again later. Peter -----Original Message----- From: DotNetDevelopment Re: restrict multiple user logins with same username Peter, What would happen if user close the browser without logging out ! ..... Raj |
|
-- Garret117 --
Yeah, Peter and Raj, I used that method before. Not in this context, but to keep a list of users who are currently logged in. It becomes such a nightmare of maintenance because of people not ending sessions properly. I personally think this is a bad method to solve the problem. That said, I don't even think the problem is well articulated. What exactly do you mean by multiple logins with the same username......? If you mean, the user logs in, but the login box is still available for them to login again, then a simple way would be to never show the login box if the user is logged in. Depending on how you store logged in user data (i.e. Forms Authentication, or Session variables) you should easily be able to tell if a member is logged in or not. Then if they are, put a little code around your login box to not display. |
|
-- Cerebrus --
Well said, Garret ! |
|
-- "Bradley, Peter" --
Hmm. I share your misgivings, but I took it that the OP wanted to stop a user from opening two sessions concurrently (say, in two browser instances). I don't think your solutions address that. Or maybe there's something I've missed. Perhaps the OP should let us know more exactly what is required. As to maintenance, again I sympathise with what you say - but why should it be a problem as long as there is code to log a user out in the Session_End event handler? I'm not trying to defend this method if there's a better one, but I'm just interested to know why it caused a problem for you. Cheers Peter -----Original Message----- From: DotNetDevelopment on behalf of Garret117 Sent: Fri 7/7/2006 4:52 PM To: DotNetDevelopment, VB.NET, C# .NET, ADO.NET, ASP.NET, XML, XML Web Services,.NET Remoting Cc: Subject: Re: restrict multiple user logins with same username Yeah, Peter and Raj, I used that method before. Not in this context, but to keep a list of users who are currently logged in. It becomes such a nightmare of maintenance because of people not ending sessions properly. I personally think this is a bad method to solve the problem. That said, I don't even think the problem is well articulated. What exactly do you mean by multiple logins with the same username......? If you mean, the user logs in, but the login box is still available for them to login again, then a simple way would be to never show the login box if the user is logged in. Depending on how you store logged in user data (i.e. Forms Authentication, or Session variables) you should easily be able to tell if a member is logged in or not. Then if they are, put a little code around your login box to not display. |