Solved

Prevent a same user id to login at diff place at the same time

Posted on 2002-03-20
11
178 Views
Last Modified: 2013-12-24
I want to prevent a same user id to login at diff place at the same time, how do I achieve this? Besides, using database, what other solutions can be use?
0
Comment
Question by:greenbean
11 Comments
 
LVL 2

Expert Comment

by:Cyril_H
ID: 6882142
If you're using sessions variables, you can store UserID in one of them and when the user login, just check for the existence of the session variables.

<CFIF IsDefined("Session.#UserID#")>
   User already logged in.
<CFELSE>
   <CFSET Session.#UserID# = "whatever">
</CFIF>


0
 

Expert Comment

by:manonng
ID: 6882305
hi

you can check against with a table which held all the current user ID at the login page.

manon
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6883015
IMHO, session check is better b/c if you flag a user in the DB as logged in.. how do you update that when the session expires and user never clicks logout.. (just closes the browser)

CJ
0
 

Expert Comment

by:webdiva69
ID: 6886972
I agree just set a session variable.
0
 

Author Comment

by:greenbean
ID: 6890423
My 2 cents: by using DB, I keep track of the user last login time in a track table. The entry is created when the user login, and if let say the user did properly log out, the entry will be deleted, else the entry remains in the table.

What the system does actually : upon a user login, the system will check the user current login time with the table entry(if any), if the current login time > (last login time + 30 mins), the login is valid, else is invalid.

So, if the user did not logout properly, he/she will not be able to login again til, let say 30 mins later (which is equiv to a session timeout period, probably).

The problem with this solution is, users very often forgot to logout properly, so they will be probably denied access very often.

Anyway, I'll tried out the session method and let u know the results!
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 19

Expert Comment

by:cheekycj
ID: 6891048
greenbean: Your solution is a good one and has been discussed as an alternative to the session one quite frequently the only con as you said is that if the user doesn't logout properly, they could be denied access upon next logon.

The key here is upon every page access you must update a last accessed flag in the DB. and your DB process that cleans out logged in users must check that flag and clean out those users at the same time their regular session time out must happen... which means this process must run frequently and the updates will be quite much too.  You start to depend too heavily on the DB, which to begin with is the bottleneck for most web sites when it comes to scalability.

CJ
0
 

Author Comment

by:greenbean
ID: 6891820
Ok, in this case, session would be a better solution. But, at the same time, how do I prevent improper logout without the use of DB?
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 50 total points
ID: 6892309
What do you mean by "prevent improper logout" won't session expiry take care of that?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 7176398
Hi there,

Incase u r not using sessions - then may be u could try this !!!

1. as soon as a user logs in - update a field in table as "loggedin = 'Y'"

2. now if the same user tries to log in from anywhere - just check [if the loggedin = 'Y'] before allowing a user to log in

if its equal to 'Y' - then throw him out - else log him in

simple !!!

K'Rgds
Anand
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10784609
No comment has been added lately, so it's time to clean up this question.
I will leave the following recommendation in the Cleanup topic area:

Accept cheekycj

Please leave any comments here within the next four days.

mrichmon
EE Cleanup Volunteer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
file too large for website 6 67
assigning port numbers to web sites and web services 2 71
JVM encoding. How to change encoding. 27 86
WEB Farm 6 64
Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now