Solved

how to avoid multiple logins

Posted on 2010-11-22
5
419 Views
Last Modified: 2012-05-10
We have a web application with feature for logging in with  credentials
The important requirement is once the user logs in he is not allowed to login from any other system or even another browser on same system
 We used following solution which is mssql based : We have kept " Is_Loggedin" as a column with data type "bit" in a table. when a user logs in we set the flag  as "1" sowhen someone tries to log again ,the system is showing the error "The user is already logged in"
 When user logsout bit turns to "0"indicating user logged out.
However this logic is failing in following scenarios

Problem scenario:
When user closes the browser the flag is "1"and user is locked in or situations when user gets system problem and unable to log out

Is there a better logic to handle this requirement?


0
Comment
Question by:tps2009
5 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 34187712
kind of old school, you could try whoami.exe
0
 

Author Comment

by:tps2009
ID: 34188409
its a web application how can we use whoami.exe??
0
 
LVL 4

Accepted Solution

by:
dquebe earned 125 total points
ID: 34192893
Web applications are disconnected. You never know for sure when the user invalidates. You will need to track more and creating a sliding window for timeouts. For example, if you know you are not using a server farm so that the session id is always the same, track the session id for each login. Track the start time and the last connect time. Using the last connect time you can auto-timeout so the user can reconnect after a specific time period (assume that the session has timed out).

You would need to use javascript to capture the form close event on the client side and send the result to the server to update the validity of the session (or close it out). You will have to watch what is sent back because changing pages between pages of the same web app will cause the same "close" event to fire. So, when they navigate -> close events invalidates unless a new request is received within 1 second (for example.

Finally, the best way is to educate your users to use the "logout" link on your application or they have to pay the price waiting for a timeout event. These are some basic ideas.
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202134
One solution would be to grant the user a unique ID (granted on successful Login) which is stored in a cookie. When the user accesses a web services, this ID is passed in.
If The user logs in again, find the old ID and close that session, and let him log in on this session. It is still only a single login
0
 
LVL 9

Expert Comment

by:Orcbighter
ID: 34202148
PS: If you really need to keep a transaction scope and history, then maybe asynchronous web services are not the way to go. Maybe you should look at writing an application (as a dll, COM object, ect) that is housed in a browser, but is an application supporting sockets, or channels, etc)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The canonical version of this article is on my web site here: http://iconoun.com/articles/collisions/ A companion presentation is available here: http://iconoun.com/articles/collisions/Unicode_Presentation.pdf
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question