Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

How to stop DUAL login

Hi,

How can we prevent clients from opening multiple windows and login into a site every time.

Problem:
Clients are using multiple window login to manipulate our advertising portal system.

Solution required:
STOP clients from loggin into the site if already logged in.


Thanks
Steve
0
TO_Steve
Asked:
TO_Steve
  • 3
  • 3
  • 2
  • +2
1 Solution
 
COBOLdinosaurCommented:
It has to be done server side.  You keep track of logons in the database.  when someone logs onto the server, if they already have a session you either close the previous logon, of you send them back and error and tell them must log out of the other session.

What kind of method are you using to handle the logons now?

Cd&
0
 
TO_SteveAuthor Commented:
Here is the login page codes

---------
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="myAds.asp"
  MM_redirectLoginFailed="details_problem.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connClassifieds_STRING
  MM_rsUser.Source = "SELECT * "
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM VENNERI_ORG_USERS WHERE U_ID='" & MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form("password")) & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
  If MM_rsUser.Fields.Item("U_ACTIVE") <> 1 or MM_rsUser.Fields.Item("U_ACCOUNT_VERIFIED") <> 1 Then
  Response.Redirect("default.asp?reason=notAuthorized")
  If MM_rsUser.Fields.Item("U_CURRENT_NOTPAID") < 0  Then Response.Redirect("Details_Problem.asp?reason=ProblemWithAdCounts_Please_Call_1.866.4.SALE.HLP")
  Else
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    Session("AD_APPROVED") = MM_rsUser.Fields.Item("U_APPROVED").Value
      Session("AD_IMAGE") = MM_rsUser.Fields.Item("U_IMAGE").Value
      
      'set last login date time
      set cmdLastLogin = Server.CreateObject("ADODB.Command")
      cmdLastLogin.ActiveConnection = MM_connClassifieds_STRING
      cmdLastLogin.CommandText = "UPDATE VENNERI_ORG_USERS  SET U_LAST_LOGIN = getdate() WHERE U_ID = '" & MM_valUsername & "'"
      cmdLastLogin.CommandType = 1
      cmdLastLogin.CommandTimeout = 0
      cmdLastLogin.Prepared = true
      cmdLastLogin.Execute()

          If CStr(Request.QueryString("accessdenied")) <> "" And true Then
                  MM_redirectLoginSuccess = Request.QueryString("accessdenied")
          End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>


------------------

I understand that you can track when a user logs in the site.
How do you know when he logs out?


Thanks
Steve
0
 
venkateshwarrCommented:

Whenever a user logs in...
Check if his id is already present in the databae.
If not insert his userid in the database

Whenever a user logsout...
remove the user id from database.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
TO_SteveAuthor Commented:
How can you remove a User ID from the database if the user CLOSES the window?


Whenever a user logsout...
remove the user id from database.


Thanks
Steve

0
 
COBOLdinosaurCommented:
If they have a means to log out you can record it.  Otherwise you uses session ids associated with the user and expire them when they go a specific amount of time without requesting a page.

I don't do ASP, so I cn't really help with that code itself, but another expert may come along who can look at it.

Cd&
0
 
venkateshwarrCommented:
you can use try something like this..

<body onunload="document.forms['exit'].submit();" >
<form name=exit action="logout.asp">
    <input type=hidden name=username value="<%=MM_valUsername%>">
</form>

You can create a hidden form and submit the form on exit.
0
 
azazooCommented:
Or you could not give them credit for multiple logins within a predetermined period of time. You could also implement a lockout period (eg-if they are trying to loging within X minutes of previous login, do not let them and explain why) but this could frustrate somebody if they closed a browser and needed to log back in for legit purpose.

Telling whether a person has closed a page or not (or even logged out) would not seem to solve your problem, as the person could just open a number of browsers. If you are concerned about awarding too many points or whatever, just withhold the points.  
0
 
TO_SteveAuthor Commented:
TO: venkateshwarr

<body onunload="document.forms['exit'].submit();" >
<form name=exit action="logout.asp">
    <input type=hidden name=username value="<%=MM_valUsername%>">
</form>

Please explain, I understand the concept, but having hard time to implement.
1. What pages do I put the code on.
2. I have a footer page which follows through all pages, but its loggin out the user ever time he surfs.
3. Does the code above go togheter on the page?


Thanks
Steve
0
 
venkateshwarrCommented:

You can do something like this...
create a small include file...

logout.inc.asp

<%
dim bodytag,logoutform

bodytag = "<body onunload=""document.forms['exit'].submit();"" >"
logoutform = "<form name=exit action=logout.asp> <input type=hidden name=username value=""<%=MM_valUsername%>""> </form>"
 
%>

And include this in all your asp pages.
In place of body tag, just say

Response.write bodytag
Response.write logoutform

That should do...

venkat.
0
 
Mad_LionCommented:
Another suggestion would be to utilize the SessionOnEnd event used in your Global.asa to remove the users GlobalID from your database when the session has ended. Browser closed, navigated away ect ect.

Unlike the previous example which requires you to include another block of code into each and every page, you can simply use session and / or application events and variables to keep track if the user is currently logged in and by adding their session ID to your database upon login, you can control multiple logons. The Session ID can be removed when their session is terminated, also, the session / application variables can be cleared as well.

Start here for the "How To" on using the Global.asa
http://www.asp101.com/resources/apps_sessions_gasa.asp

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now