• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 427
  • Last Modified:

how to avoid multiple logins

We have a web application with feature for logging in with  credentials
The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system
 We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag  as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"
 When user logsout bit turns to "0"indicating user logged out.
However this logic is failing in following scenarios

Problem scenario:
When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out

Is there a better logic to handle this requirement?


0
tps2009
Asked:
tps2009
1 Solution
 
iedenCommented:
kind of old school, you could try whoami.exe
0
 
tps2009Author Commented:
its a web application how can we use whoami.exe??
0
 
dquebeCommented:
Web applications are disconnected. You never know for sure when the user invalidates. You will need to track more and creating a sliding window for timeouts. For example, if you know you are not using a server farm so that the session id is always the same, track the session id for each login. Track the start time and the last connect time. Using the last connect time you can auto-timeout so the user can reconnect after a specific time period (assume that the session has timed out).

You would need to use javascript to capture the form close event on the client side and send the result to the server to update the validity of the session (or close it out). You will have to watch what is sent back because changing pages between pages of the same web app will cause the same "close" event to fire. So, when they navigate -> close events invalidates unless a new request is received within 1 second (for example.

Finally, the best way is to educate your users to use the "logout" link on your application or they have to pay the price waiting for a timeout event. These are some basic ideas.
0
 
OrcbighterCommented:
One solution would be to grant the user a unique ID (granted on successful Login) which is stored in a cookie. When the user accesses a web services, this ID is passed in.
If The user logs in again, find the old ID and close that session, and let him log in on this session. It is still only a single login
0
 
OrcbighterCommented:
PS: If you really need to keep a transaction scope and history, then maybe asynchronous web services are not the way to go. Maybe you should look at writing an application (as a dll, COM object, ect) that is housed in a browser, but is an application supporting sockets, or channels, etc)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now