Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jan 01, 2013 03:20 AM by KeyurN
Dec 31, 2012 05:46 AM|LINK
I want to make user is able to login into single session only.If user is already login then he is not able to login from anywhere.
For that I have take one flag in my Database when user is login i will true that flag and check accordingly.
But some reasons like close browser without logoff not able to update that flag to false.so user is online every time and not able to login from another machine.
Can you please help me.
Dec 31, 2012 06:16 AM|LINK
there is no concreete solution for catching the browser close events... although u can use onbeforeunload events of browser etc.
nothing would guarantee to work in all scenarios.... like, what happens if user kills the browser process from task manager?
so, alternate solution is... add session_end event in global.asax
session_end is called whenever session is time out. that means, if user closes the browser in 5 minutes, session_onend event will be called on server after next 15 minutes (considerign session timeout is set to default 20 minutes)
u can then mark the flag in database in session_end event and if user tries to login again during that period then, display the message that "since, u r last session was terminated unepxectedly, please wait for some time and login again"
hope this helps...
Dec 31, 2012 06:17 AM|LINK
a flag is not the right way to handle this, as it was originally not a bad idea (for win app) in webapps this way will not work
the easiest way is using signalR as this is made some sort of standard these days, anyway i'm not that great of a fan so here's the hard solution.
you will need to make some sort of cache controller....
that might just help you
Dec 31, 2012 06:45 AM|LINK
I have aleady implmeneted same functionality in one of my project.
For that you have to do following way.
When user will logged in you have to save session id in your database and time of logged.
Also you have to save Session Id in your cookie as well.
So when browser will close and user status is online in database than check your cookie and if cookie is same than you can allow to log in and update session id again and cookie.
If user will try to access from other place than don't allow to logged in for block time.
suppose if you have logged in at 12:00 PM and you have set 5 hours for block from other system.
If cookie is not matching then you can allow them after 5 hours of loggin or last update of login.
So hope this scenarios will work for you.
There are many other way as well.
So please check it and let me know if its not suitable for your requirement than I will suugest you more solution.
Dec 31, 2012 07:22 AM|LINK
I have not anything like user has to block for perticluar time frame.if user is logged in then simple not able to login from any other machine or session.
I just have requirement is if user is logged in then not able to login from any other session.
Dec 31, 2012 07:38 AM|LINK
Just I want to know, Suppose user have closed browser than you want to allow user to log in from other machine or any other browser or not ?
Dec 31, 2012 07:40 AM|LINK
Yes I think user is able to login from other machine.
Dec 31, 2012 08:11 AM|LINK
If you want to allow user from other machine than you have to add one timer in your system and need to add one date field column in database.
in timer you have to update date fields every time in background. Becuase otherwise you can't find that if any user is logged in or not.
So when you will try to log in next time you should check last time in your database and if last reading time in database is more than your timer event + some time offset like 1 min or as you want. than you have to allow user to log in from other system.
Let me know, if you have any problem or you need any more solution.
Dec 31, 2012 03:45 PM|LINK
as stated, because the web is stateless, there is no reliable logout in web applications. most users logout by their session timing out. (20 minutes of inactivity) is common.
so, if the users forgot to click your logout, they will need to wait the timeout before they can login in on another browser. you can create a session ticket on login and only treat this session as valid. this is the last login wins approach.
Jan 01, 2013 03:20 AM|LINK
Please give me the basic steps with code.
I am very confused to do with better way