Not allowing duplicate logins

Results 1 to 2 of 2

Thread: Not allowing duplicate logins

  1. #1
    Join Date
    Dec 1969

    Default Not allowing duplicate logins

    I already posted this in ASP Q & A, but perhaps this may be more of an advanced question.<BR><BR>Aside from buying a ready-made product, what are some ways to not allow simultaneous duplicate logins? I am using Authentix so I know which user is logged in, but I can&#039;t put it to much use if I have no trigger when the user leaves the site. I would assume the only way for me to not allow duplicate logins is to know when the user logged off/closes browser, so I can free up that username for logging in again. The global.asa file doesn&#039;t seem to work cause it ends the session after an amount of time of inactivity and not when the user closes the browser. Any ideas?

  2. #2
    Join Date
    Dec 1969

    Default RE: Not allowing duplicate logins

    Explicit logout is easy (where the user clicks a "log out" button), you can then expire their session automatically.<BR><BR>It is the implicit logout that is harder.<BR><BR>I do the following on one of my sites (but you may need to change it for your needs).<BR><BR>UserTable<BR>userid<BR>..otherdetai ls..<BR><BR>SessionTable<BR>sessionid<BR>userid<BR >datestarted<BR>datelastaction<BR>active<BR><BR>Ev ery page authenticates a user, they must have sessionid (stored as a cookie). Also, when authenticating the datelastaction must be within set time of now(), (I use 15 minutes)<BR><BR>When a new user logs in you can check the sessionTable to see if there already exists an entry for that userid within the limit set for datelastaction.<BR><BR>If there is, you have some choices. I allow them in BUT, they get the same sessionid set as a cookie (so two people logged on two machines with the same details would have the same sessionid).<BR><BR>You want to deny them access; so you could tell them that a session already exists and to try again later; or you could say that there is an already open session do they want to terminate it or join it or whatever.<BR><BR>I use sql server, so I have a small job that runs on idle or every 15minutes that changes the active status of entries in the sessiontable depending on the datelastaction (anything older than 15minutes gets timed out and forces a relogin -- this also works for people who have had their browser open for 15+ minutes but done no work; they get forced to log back in).<BR><BR>Not exactly what you were asking for but I hope it helps

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts