Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

how to avoid multiple logins

Posted on 2010-11-22
5
Medium Priority
?
423 Views
Last Modified: 2012-05-10
We have a web application with feature for logging in with  credentials
The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system
 We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag  as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"
 When user logsout bit turns to "0"indicating user logged out.
However this logic is failing in following scenarios

Problem scenario:
When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out

Is there a better logic to handle this requirement?


0
Comment
Question by:tps2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 34187712
kind of old school, you could try whoami.exe
0
 

Author Comment

by:tps2009
ID: 34188409
its a web application how can we use whoami.exe??
0
 
LVL 4

Accepted Solution

by:
dquebe earned 500 total points
ID: 34192893
Web applications are disconnected. You never know for sure when the user invalidates. You will need to track more and creating a sliding window for timeouts. For example, if you know you are not using a server farm so that the session id is always the same, track the session id for each login. Track the start time and the last connect time. Using the last connect time you can auto-timeout so the user can reconnect after a specific time period (assume that the session has timed out).

You would need to use javascript to capture the form close event on the client side and send the result to the server to update the validity of the session (or close it out). You will have to watch what is sent back because changing pages between pages of the same web app will cause the same "close" event to fire. So, when they navigate -> close events invalidates unless a new request is received within 1 second (for example.

Finally, the best way is to educate your users to use the "logout" link on your application or they have to pay the price waiting for a timeout event. These are some basic ideas.
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202134
One solution would be to grant the user a unique ID (granted on successful Login) which is stored in a cookie. When the user accesses a web services, this ID is passed in.
If The user logs in again, find the old ID and close that session, and let him log in on this session. It is still only a single login
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202148
PS: If you really need to keep a transaction scope and history, then maybe asynchronous web services are not the way to go. Maybe you should look at writing an application (as a dll, COM object, ect) that is housed in a browser, but is an application supporting sockets, or channels, etc)
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync meeting or Lync conferencing is what many organizations would like to deploy to allow them save money. But companies are now giving up for various reasons, one of which is that they cannot join external meetings (non-federated company meetings)…
Technology opened people to different means of presenting information, but PowerPoint remains to be above competition. Know why PPT still works today.
Viewers will learn the different options available in the Backstage view in Excel 2013.
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question