Solved

Prevent a same user id to login at diff place at the same time

Posted on 2002-03-20
11
180 Views
Last Modified: 2013-12-24
I want to prevent a same user id to login at diff place at the same time, how do I achieve this? Besides, using database, what other solutions can be use?
0
Comment
Question by:greenbean
11 Comments
 
LVL 2

Expert Comment

by:Cyril_H
ID: 6882142
If you're using sessions variables, you can store UserID in one of them and when the user login, just check for the existence of the session variables.

<CFIF IsDefined("Session.#UserID#")>
   User already logged in.
<CFELSE>
   <CFSET Session.#UserID# = "whatever">
</CFIF>


0
 

Expert Comment

by:manonng
ID: 6882305
hi

you can check against with a table which held all the current user ID at the login page.

manon
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6883015
IMHO, session check is better b/c if you flag a user in the DB as logged in.. how do you update that when the session expires and user never clicks logout.. (just closes the browser)

CJ
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Expert Comment

by:webdiva69
ID: 6886972
I agree just set a session variable.
0
 

Author Comment

by:greenbean
ID: 6890423
My 2 cents: by using DB, I keep track of the user last login time in a track table. The entry is created when the user login, and if let say the user did properly log out, the entry will be deleted, else the entry remains in the table.

What the system does actually : upon a user login, the system will check the user current login time with the table entry(if any), if the current login time > (last login time + 30 mins), the login is valid, else is invalid.

So, if the user did not logout properly, he/she will not be able to login again til, let say 30 mins later (which is equiv to a session timeout period, probably).

The problem with this solution is, users very often forgot to logout properly, so they will be probably denied access very often.

Anyway, I'll tried out the session method and let u know the results!
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6891048
greenbean: Your solution is a good one and has been discussed as an alternative to the session one quite frequently the only con as you said is that if the user doesn't logout properly, they could be denied access upon next logon.

The key here is upon every page access you must update a last accessed flag in the DB. and your DB process that cleans out logged in users must check that flag and clean out those users at the same time their regular session time out must happen... which means this process must run frequently and the updates will be quite much too.  You start to depend too heavily on the DB, which to begin with is the bottleneck for most web sites when it comes to scalability.

CJ
0
 

Author Comment

by:greenbean
ID: 6891820
Ok, in this case, session would be a better solution. But, at the same time, how do I prevent improper logout without the use of DB?
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 50 total points
ID: 6892309
What do you mean by "prevent improper logout" won't session expiry take care of that?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 7176398
Hi there,

Incase u r not using sessions - then may be u could try this !!!

1. as soon as a user logs in - update a field in table as "loggedin = 'Y'"

2. now if the same user tries to log in from anywhere - just check [if the loggedin = 'Y'] before allowing a user to log in

if its equal to 'Y' - then throw him out - else log him in

simple !!!

K'Rgds
Anand
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 10784609
No comment has been added lately, so it's time to clean up this question.
I will leave the following recommendation in the Cleanup topic area:

Accept cheekycj

Please leave any comments here within the next four days.

mrichmon
EE Cleanup Volunteer
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question