?
Solved

how to avoid multiple logins

Posted on 2010-11-22
5
Medium Priority
?
422 Views
Last Modified: 2012-05-10
We have a web application with feature for logging in with  credentials
The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system
 We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag  as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"
 When user logsout bit turns to "0"indicating user logged out.
However this logic is failing in following scenarios

Problem scenario:
When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out

Is there a better logic to handle this requirement?


0
Comment
Question by:tps2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 34187712
kind of old school, you could try whoami.exe
0
 

Author Comment

by:tps2009
ID: 34188409
its a web application how can we use whoami.exe??
0
 
LVL 4

Accepted Solution

by:
dquebe earned 500 total points
ID: 34192893
Web applications are disconnected. You never know for sure when the user invalidates. You will need to track more and creating a sliding window for timeouts. For example, if you know you are not using a server farm so that the session id is always the same, track the session id for each login. Track the start time and the last connect time. Using the last connect time you can auto-timeout so the user can reconnect after a specific time period (assume that the session has timed out).

You would need to use javascript to capture the form close event on the client side and send the result to the server to update the validity of the session (or close it out). You will have to watch what is sent back because changing pages between pages of the same web app will cause the same "close" event to fire. So, when they navigate -> close events invalidates unless a new request is received within 1 second (for example.

Finally, the best way is to educate your users to use the "logout" link on your application or they have to pay the price waiting for a timeout event. These are some basic ideas.
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202134
One solution would be to grant the user a unique ID (granted on successful Login) which is stored in a cookie. When the user accesses a web services, this ID is passed in.
If The user logs in again, find the old ID and close that session, and let him log in on this session. It is still only a single login
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202148
PS: If you really need to keep a transaction scope and history, then maybe asynchronous web services are not the way to go. Maybe you should look at writing an application (as a dll, COM object, ect) that is housed in a browser, but is an application supporting sockets, or channels, etc)
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question