ASP.NET - How to restrict the same user logging in multplie places same time?

Asked By Nagaraj muthuchamy on 11-Aug-10 05:35 AM
Hi,

I have a requirement to avoid the same user being logged in from different systems at the same time.
(i.e ) At any point of time, user can be active from only one IP.

I am using custom tables and session objects to manage the user authentication process.
I thought to implement this using, session objects and events such as Session_OnStart and Session_OnEnd.

It seems that, session objects are not reliable and It's not guaranteed that Session_OnEnd event is fired properly.

Please, post your ideas on this.

Thanks,
Nagaraj
Sagar P replied to Nagaraj muthuchamy on 11-Aug-10 06:00 AM
I think session will not work in this case;

There could be several possibilities.

  1. Maintain a flag in database; upon every login/out update the flag. For instance, upon every authentication request you can reject the login request if the flag is already true.

  2. Alternatively, you can maintain a list of users in the Application object and use .Contains to see if it already exists.

I think maintaing Application object is better way to do. Just stored your user ID like this at the time of login;

string appKey = "User#" + userId; //userId will be the userId user is using to login
Application[appKey]=userId;

And when user log out remove it from application object again.

Now at the time of login you can check weather it contains this string or not like;

if (Application.AllKeys.Contains(appKey))

{
  //This means use is lareay login

}

Just go thr this link which discuss the same;

http://stackoverflow.com/questions/2599118/in-asp-net-site-how-to-prevent-multiple-logins-of-same-user-id

sri sri replied to Nagaraj muthuchamy on 11-Aug-10 06:03 AM
hi,

you can go with cache.

once the user is logged in, write the user id in the cache.

if the same user logs in from another system, check the userid against the cache variable.

if it already there, then dont allow that user to login, if it is not there allow him to login.

to know more on cache, check the below link

http://www.codeproject.com/KB/web-cache/cachingaspnet.aspx
http://authors.aspalliance.com/aspxtreme/webapps/aspcachingfeatures.aspx
Nagaraj muthuchamy replied to Sagar P on 11-Aug-10 09:03 AM
Thank you very much.
Nagaraj muthuchamy replied to sri sri on 11-Aug-10 09:04 AM
Thank you very much.
sri sri replied to Nagaraj muthuchamy on 11-Aug-10 10:49 PM
:-)