I need to check the currently logged in users of the site. On Login i am setting the online status to true and on logout i am setting the status back to false. This worked good till normal logout process, but what about if the user closes the browser but
still logged in.
So if the user closes the browser will he still login or not. If he is still login that means online status is still true, in that case how can i set the online status to false. I guess the user will automatically logout at certain given timeout if he dont
open the site again. So how would i set the online status to false in this case ?
I'd suggest changing your thinking about what "logged out" means. I'd use the concept of inactivity instead. In other words, if the user's not been active in 30 minutes then I'd consider them logged out. This addresses the scenarios where the user doesn't
click your logout button and they just close the browser or just leave it open forever (yet their auth cookie times out).
I'd suggest changing your thinking about what "logged out" means. I'd use the concept of inactivity instead.
ok good point. got it.
BrockAllen
if the user's not been active in 30 minutes then I'd consider them logged out
i also want the same but how can i change the online status in this case thats the question ?
BrockAllen
This addresses the scenarios where the user doesn't click your logout button and they just close the browser or just leave it open forever (yet their auth cookie times out).
i also want the same but how can i change the online status in this case thats the question ?
I think you should not keep a "logout" flag in the database and instead keep a last activity date/time. Then your logic of "who's logged in" is anyone that has been active in the past X minutes. Or maybe I'm not understanding your question here.
rajesh sahar...
Member
225 Points
553 Posts
Managing logged in users of the site
Dec 06, 2012 11:12 AM|LINK
I need to check the currently logged in users of the site. On Login i am setting the online status to true and on logout i am setting the status back to false. This worked good till normal logout process, but what about if the user closes the browser but still logged in.
I am using forms authentication:
also on login:
So if the user closes the browser will he still login or not. If he is still login that means online status is still true, in that case how can i set the online status to false. I guess the user will automatically logout at certain given timeout if he dont open the site again. So how would i set the online status to false in this case ?
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: Managing logged in users of the site
Dec 07, 2012 02:15 PM|LINK
I'd suggest changing your thinking about what "logged out" means. I'd use the concept of inactivity instead. In other words, if the user's not been active in 30 minutes then I'd consider them logged out. This addresses the scenarios where the user doesn't click your logout button and they just close the browser or just leave it open forever (yet their auth cookie times out).
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rajesh sahar...
Member
225 Points
553 Posts
Re: Managing logged in users of the site
Dec 07, 2012 05:23 PM|LINK
ok good point. got it.
i also want the same but how can i change the online status in this case thats the question ?
That is exactly what i want.
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: Managing logged in users of the site
Dec 07, 2012 05:48 PM|LINK
I think you should not keep a "logout" flag in the database and instead keep a last activity date/time. Then your logic of "who's logged in" is anyone that has been active in the past X minutes. Or maybe I'm not understanding your question here.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rajesh sahar...
Member
225 Points
553 Posts
Re: Managing logged in users of the site
Dec 08, 2012 03:13 AM|LINK
ok thanks its looking better approach.
Thats the hard part... can you provide some sample for that ?
No you are right i need to change my approach about logout.
Thanks
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: Managing logged in users of the site
Dec 08, 2012 03:54 AM|LINK
You need to implement Application_PostAuthenticationRequest in global.asax to log the current DateTime.Now for User.Identity.Name.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rajesh sahar...
Member
225 Points
553 Posts
Re: Managing logged in users of the site
Dec 08, 2012 10:42 AM|LINK
Thanks but i am not proficient with handling these security events. What i need is step by step guide to implement this process.
Any refernce link will be helpful.
Thanks
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: Managing logged in users of the site
Dec 08, 2012 01:37 PM|LINK
http://msdn.microsoft.com/en-us/library/4wt3wttw.aspx
http://msdn.microsoft.com/en-us/magazine/cc301362.aspx
http://msdn.microsoft.com/en-us/magazine/cc188942.aspx
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
rajesh sahar...
Member
225 Points
553 Posts
Re: Managing logged in users of the site
Dec 08, 2012 03:50 PM|LINK
Thanks Brock, while these links not solves my current reqquirement but taught me very important concepts specially http pipline.
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: Managing logged in users of the site
Dec 08, 2012 04:06 PM|LINK
Right, so now that you know about the pipeline you can write the PostAuthenticateRequest event in global.asax that I suggested earlier.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/