Last post Nov 19, 2018 02:23 PM by jzero
Nov 18, 2018 03:13 PM|holdorfs
Nov 18, 2018 07:11 PM|jzero
You did not specify what you are using, but here is what I do.
I'm using Webforms with Membership and the LoginView control; this is what I do to not allow users to be logged in more than one time.
When a user tries a second login, the existing session is logged out, and the user has to log in again.
On the Login page, using the LoginView control, at the LoggedIn event, register the SessionID:
If zMultilogin = False Then
    'After the first login, to prevent multiple sessions, we have to save the SessionID in Cache; this value will be compared on the second login
    Dim zLogin As Login = LoginView1.FindControl("Login1")
    Dim zUsuario As MembershipUser = Membership.GetUser(zLogin.UserName) 'Get current user
    Dim zID As String = zUsuario.ProviderUserKey.ToString 'Get provider UserKey
    'Create a Session variable, just to fix the Session, so it does not keep changing on each page load
    Session("dfe") = "#dfeloggedin#" 'Use any name and any value, it is just to prevent the Session value changing on each page load
    'Register the SessionID value in Cache, using the ProviderUserKey of the user
    System.Web.HttpContext.Current.Cache(zID) = Session.SessionID
End If
On PageLoad, verify that the current SessionID is the same; if not, log out the existing session and redirect to the Login page:
If zMultilogin = False Then 'If multilogin is not allowed
    'If the same user is trying another session, force logoff of the current session
    Dim zSessionID As String = System.Web.HttpContext.Current.Session.SessionID
    Dim zContext = System.Web.HttpContext.Current
    Dim zUser = Membership.GetUser
    'Verify that the user is authenticated and that the SessionID is the same as the one stored in Cache
    If zContext.Request.IsAuthenticated AndAlso Not zContext.Cache(zUser.ProviderUserKey.ToString) = zSessionID Then
        FormsAuthentication.SignOut() 'Log out current (existing) session
        Response.Redirect("~/Login.aspx") 'Redirect to login page
    End If
End If
Nov 18, 2018 07:44 PM|holdorfs
Nov 18, 2018 11:43 PM|mgebhard
Nov 19, 2018 02:09 AM|holdorfs
Nov 19, 2018 12:31 PM|mgebhard
How does identity work in Windows authentication?
Use Windows auth as an external login.
Another option is creating a cookie where the username is the key and a GUID is the value. Also store the username and GUID value in a DB table. If the user has the cookie but the GUID value does not match then do not allow the user to access the site.
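The cookie-and-GUID check suggested above, as an added example that is not part of the original thread. It swaps the GUID for 32 bytes from a cryptographic random number generator; the module name `ActiveLoginStore`, its functions, the user name `alice` and the in-memory dictionary (standing in for the DB table) are assumptions.

```vbnet
Imports System
Imports System.Collections.Concurrent
Imports System.Security.Cryptography

' Added example: one active login per user, keyed by a server-issued token.
' ActiveLoginStore and its members are hypothetical names; the in-memory
' dictionary stands in for the DB table of (username, token) rows.
Public Module ActiveLoginStore
    Private ReadOnly Tokens As New ConcurrentDictionary(Of String, Byte())(StringComparer.OrdinalIgnoreCase)

    ' Call after a successful login. Overwrites any earlier token, so the
    ' cookie held by the previous browser stops matching. Returns the cookie value.
    Public Function Issue(userName As String) As String
        Dim raw(31) As Byte   ' 32 random bytes
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(raw)
        End Using
        Tokens(userName) = raw
        Return Convert.ToBase64String(raw)
    End Function

    ' Call on every authenticated request with the value read from the cookie.
    Public Function IsCurrent(userName As String, cookieValue As String) As Boolean
        Dim expected As Byte() = Nothing
        If String.IsNullOrEmpty(cookieValue) OrElse Not Tokens.TryGetValue(userName, expected) Then
            Return False   ' no cookie or no stored record: fail closed
        End If
        Dim presented As Byte()
        Try
            presented = Convert.FromBase64String(cookieValue)
        Catch ex As FormatException
            Return False   ' tampered or malformed cookie
        End Try
        If presented.Length <> expected.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (presented(i) Xor expected(i))   ' compare without early exit
        Next
        Return diff = 0
    End Function

    Public Sub Main()
        Dim first As String = Issue("alice")    ' constructed user: first browser logs in
        Dim second As String = Issue("alice")   ' same user logs in on another machine
        Console.WriteLine("first cookie still valid:  " & IsCurrent("alice", first))
        Console.WriteLine("second cookie still valid: " & IsCurrent("alice", second))
    End Sub
End Module
```

Unlike a value kept in `HttpContext.Cache`, a DB-backed record survives application restarts and is shared by all servers behind a load balancer. Send the value in a cookie marked HttpOnly and Secure, and delete the stored record on logout.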
Nov 19, 2018 02:23 PM|jzero
Also it appears you are comparing the session id to the current browser session. How do I compare it to a browser session on another machine?
Every time you load on a different browser or a different machine, you get a new SessionID.