Solved

how to avoid multiple logins

Posted on 2010-11-22
5
415 Views
Last Modified: 2012-05-10
We have a web application with feature for logging in with  credentials
The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system
 We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag  as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"
 When user logsout bit turns to "0"indicating user logged out.
However this logic is failing in following scenarios

Problem scenario:
When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out

Is there a better logic to handle this requirement?


0
Comment
Question by:tps2009
5 Comments
 
LVL 7

Expert Comment

by:ieden
Comment Utility
kind of old school, you could try whoami.exe
0
 

Author Comment

by:tps2009
Comment Utility
its a web application how can we use whoami.exe??
0
 
LVL 4

Accepted Solution

by:
dquebe earned 125 total points
Comment Utility
Web applications are disconnected. You never know for sure when the user invalidates. You will need to track more and creating a sliding window for timeouts. For example, if you know you are not using a server farm so that the session id is always the same, track the session id for each login. Track the start time and the last connect time. Using the last connect time you can auto-timeout so the user can reconnect after a specific time period (assume that the session has timed out).

You would need to use javascript to capture the form close event on the client side and send the result to the server to update the validity of the session (or close it out). You will have to watch what is sent back because changing pages between pages of the same web app will cause the same "close" event to fire. So, when they navigate -> close events invalidates unless a new request is received within 1 second (for example.

Finally, the best way is to educate your users to use the "logout" link on your application or they have to pay the price waiting for a timeout event. These are some basic ideas.
0
 
LVL 9

Expert Comment

by:Orcbighter
Comment Utility
One solution would be to grant the user a unique ID (granted on successful Login) which is stored in a cookie. When the user accesses a web services, this ID is passed in.
If The user logs in again, find the old ID and close that session, and let him log in on this session. It is still only a single login
0
 
LVL 9

Expert Comment

by:Orcbighter
Comment Utility
PS: If you really need to keep a transaction scope and history, then maybe asynchronous web services are not the way to go. Maybe you should look at writing an application (as a dll, COM object, ect) that is housed in a browser, but is an application supporting sockets, or channels, etc)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now