Solved

How to stop DUAL login

Posted on 2004-04-09
10
313 Views
Last Modified: 2012-08-14
Hi,

How can we prevent clients from opening multiple windows and login into a site every time.

Problem:
Clients are using multiple window login to manipulate our advertising portal system.

Solution required:
STOP clients from loggin into the site if already logged in.


Thanks
Steve
0
Comment
Question by:TO_Steve
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 10791954
It has to be done server side.  You keep track of logons in the database.  when someone logs onto the server, if they already have a session you either close the previous logon, of you send them back and error and tell them must log out of the other session.

What kind of method are you using to handle the logons now?

Cd&
0
 

Author Comment

by:TO_Steve
ID: 10792597
Here is the login page codes

---------
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="myAds.asp"
  MM_redirectLoginFailed="details_problem.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connClassifieds_STRING
  MM_rsUser.Source = "SELECT * "
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM VENNERI_ORG_USERS WHERE U_ID='" & MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form("password")) & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
 
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
  If MM_rsUser.Fields.Item("U_ACTIVE") <> 1 or MM_rsUser.Fields.Item("U_ACCOUNT_VERIFIED") <> 1 Then
  Response.Redirect("default.asp?reason=notAuthorized")
  If MM_rsUser.Fields.Item("U_CURRENT_NOTPAID") < 0  Then Response.Redirect("Details_Problem.asp?reason=ProblemWithAdCounts_Please_Call_1.866.4.SALE.HLP")
  Else
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    Session("AD_APPROVED") = MM_rsUser.Fields.Item("U_APPROVED").Value
      Session("AD_IMAGE") = MM_rsUser.Fields.Item("U_IMAGE").Value
      
      'set last login date time
      set cmdLastLogin = Server.CreateObject("ADODB.Command")
      cmdLastLogin.ActiveConnection = MM_connClassifieds_STRING
      cmdLastLogin.CommandText = "UPDATE VENNERI_ORG_USERS  SET U_LAST_LOGIN = getdate() WHERE U_ID = '" & MM_valUsername & "'"
      cmdLastLogin.CommandType = 1
      cmdLastLogin.CommandTimeout = 0
      cmdLastLogin.Prepared = true
      cmdLastLogin.Execute()

          If CStr(Request.QueryString("accessdenied")) <> "" And true Then
                  MM_redirectLoginSuccess = Request.QueryString("accessdenied")
          End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>


------------------

I understand that you can track when a user logs in the site.
How do you know when he logs out?


Thanks
Steve
0
 
LVL 12

Expert Comment

by:venkateshwarr
ID: 10793225

Whenever a user logs in...
Check if his id is already present in the databae.
If not insert his userid in the database

Whenever a user logsout...
remove the user id from database.
0
 

Author Comment

by:TO_Steve
ID: 10793299
How can you remove a User ID from the database if the user CLOSES the window?


Whenever a user logsout...
remove the user id from database.


Thanks
Steve

0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 10793361
If they have a means to log out you can record it.  Otherwise you uses session ids associated with the user and expire them when they go a specific amount of time without requesting a page.

I don't do ASP, so I cn't really help with that code itself, but another expert may come along who can look at it.

Cd&
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 12

Expert Comment

by:venkateshwarr
ID: 10794315
you can use try something like this..

<body onunload="document.forms['exit'].submit();" >
<form name=exit action="logout.asp">
    <input type=hidden name=username value="<%=MM_valUsername%>">
</form>

You can create a hidden form and submit the form on exit.
0
 

Expert Comment

by:azazoo
ID: 10794611
Or you could not give them credit for multiple logins within a predetermined period of time. You could also implement a lockout period (eg-if they are trying to loging within X minutes of previous login, do not let them and explain why) but this could frustrate somebody if they closed a browser and needed to log back in for legit purpose.

Telling whether a person has closed a page or not (or even logged out) would not seem to solve your problem, as the person could just open a number of browsers. If you are concerned about awarding too many points or whatever, just withhold the points.  
0
 

Author Comment

by:TO_Steve
ID: 10794812
TO: venkateshwarr

<body onunload="document.forms['exit'].submit();" >
<form name=exit action="logout.asp">
    <input type=hidden name=username value="<%=MM_valUsername%>">
</form>

Please explain, I understand the concept, but having hard time to implement.
1. What pages do I put the code on.
2. I have a footer page which follows through all pages, but its loggin out the user ever time he surfs.
3. Does the code above go togheter on the page?


Thanks
Steve
0
 
LVL 12

Accepted Solution

by:
venkateshwarr earned 75 total points
ID: 10794867

You can do something like this...
create a small include file...

logout.inc.asp

<%
dim bodytag,logoutform

bodytag = "<body onunload=""document.forms['exit'].submit();"" >"
logoutform = "<form name=exit action=logout.asp> <input type=hidden name=username value=""<%=MM_valUsername%>""> </form>"
 
%>

And include this in all your asp pages.
In place of body tag, just say

Response.write bodytag
Response.write logoutform

That should do...

venkat.
0
 
LVL 1

Expert Comment

by:Mad_Lion
ID: 10979329
Another suggestion would be to utilize the SessionOnEnd event used in your Global.asa to remove the users GlobalID from your database when the session has ended. Browser closed, navigated away ect ect.

Unlike the previous example which requires you to include another block of code into each and every page, you can simply use session and / or application events and variables to keep track if the user is currently logged in and by adding their session ID to your database upon login, you can control multiple logons. The Session ID can be removed when their session is terminated, also, the session / application variables can be cleared as well.

Start here for the "How To" on using the Global.asa
http://www.asp101.com/resources/apps_sessions_gasa.asp

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
Get to know the ins and outs of building a web-based ERP system for your enterprise. Development timeline, technology, and costs outlined.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now