Solved

Prevent a same user id to login at diff place at the same time

Posted on 2002-03-20
11
183 Views
Last Modified: 2013-12-24
I want to prevent a same user id to login at diff place at the same time, how do I achieve this? Besides, using database, what other solutions can be use?
0
Comment
Question by:greenbean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 2

Expert Comment

by:Cyril_H
ID: 6882142
If you're using sessions variables, you can store UserID in one of them and when the user login, just check for the existence of the session variables.

<CFIF IsDefined("Session.#UserID#")>
   User already logged in.
<CFELSE>
   <CFSET Session.#UserID# = "whatever">
</CFIF>


0
 

Expert Comment

by:manonng
ID: 6882305
hi

you can check against with a table which held all the current user ID at the login page.

manon
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6883015
IMHO, session check is better b/c if you flag a user in the DB as logged in.. how do you update that when the session expires and user never clicks logout.. (just closes the browser)

CJ
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Expert Comment

by:webdiva69
ID: 6886972
I agree just set a session variable.
0
 

Author Comment

by:greenbean
ID: 6890423
My 2 cents: by using DB, I keep track of the user last login time in a track table. The entry is created when the user login, and if let say the user did properly log out, the entry will be deleted, else the entry remains in the table.

What the system does actually : upon a user login, the system will check the user current login time with the table entry(if any), if the current login time > (last login time + 30 mins), the login is valid, else is invalid.

So, if the user did not logout properly, he/she will not be able to login again til, let say 30 mins later (which is equiv to a session timeout period, probably).

The problem with this solution is, users very often forgot to logout properly, so they will be probably denied access very often.

Anyway, I'll tried out the session method and let u know the results!
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6891048
greenbean: Your solution is a good one and has been discussed as an alternative to the session one quite frequently the only con as you said is that if the user doesn't logout properly, they could be denied access upon next logon.

The key here is upon every page access you must update a last accessed flag in the DB. and your DB process that cleans out logged in users must check that flag and clean out those users at the same time their regular session time out must happen... which means this process must run frequently and the updates will be quite much too.  You start to depend too heavily on the DB, which to begin with is the bottleneck for most web sites when it comes to scalability.

CJ
0
 

Author Comment

by:greenbean
ID: 6891820
Ok, in this case, session would be a better solution. But, at the same time, how do I prevent improper logout without the use of DB?
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 50 total points
ID: 6892309
What do you mean by "prevent improper logout" won't session expiry take care of that?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 7176398
Hi there,

Incase u r not using sessions - then may be u could try this !!!

1. as soon as a user logs in - update a field in table as "loggedin = 'Y'"

2. now if the same user tries to log in from anywhere - just check [if the loggedin = 'Y'] before allowing a user to log in

if its equal to 'Y' - then throw him out - else log him in

simple !!!

K'Rgds
Anand
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10784609
No comment has been added lately, so it's time to clean up this question.
I will leave the following recommendation in the Cleanup topic area:

Accept cheekycj

Please leave any comments here within the next four days.

mrichmon
EE Cleanup Volunteer
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
debian web server with word press, www folder permissions (print to a file first , complete backup after) 20 144
Help Fix A 403 error 13 124
Use System DSN 6 93
PHP in Apache server 20 106
A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question