Form-Based Login Help
-
I have a typical web application using form-based login to allow users to access the site. Everything works great. However I want to limit the user to only logging in one session on one computer, so the user CANNOT login in multiple browsers on the same machine or different machines. Is there any thing built into ASP.NET that can do this? Or do I have to come up with my own solution? Any ideas? Thanks David p.s. the only solution so far that i came up with is keeping track of the users in table stored in the Application variable.
-
I have a typical web application using form-based login to allow users to access the site. Everything works great. However I want to limit the user to only logging in one session on one computer, so the user CANNOT login in multiple browsers on the same machine or different machines. Is there any thing built into ASP.NET that can do this? Or do I have to come up with my own solution? Any ideas? Thanks David p.s. the only solution so far that i came up with is keeping track of the users in table stored in the Application variable.
>p.s. the only solution so far that i came up with is keeping track of the users in table stored in the Application variable. Pretty much that is the way. I don't know of any builtin ASP.NET method. Be handy to have though. regards, Paul Watson Bluegrass South Africa Chris Maunder wrote: "I'd rather cover myself in honey and lie on an ant's nest than commit myself to it publicly." Jon Sagara replied: "I think we've all been in that situation before." Crikey! ain't life grand?
-
I have a typical web application using form-based login to allow users to access the site. Everything works great. However I want to limit the user to only logging in one session on one computer, so the user CANNOT login in multiple browsers on the same machine or different machines. Is there any thing built into ASP.NET that can do this? Or do I have to come up with my own solution? Any ideas? Thanks David p.s. the only solution so far that i came up with is keeping track of the users in table stored in the Application variable.
Actually there is something build in I use. If you are using the SQL server to store the sessions you can get the session ID and in store it in your USER table, so you only allow that session ID attached to that user to be online. So, to get the Session ID this is the QUERY:
SELECT tempdb.dbo.ASPStateTempSessions.SessionId FROM tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND tempdb.dbo.ASPStateTempSessions.SessionId LIKE @SessionCookieFor SessionCookieassign a cookie to every USER In your database that's how you get the USERSSELECT * FROM MyDatabase.dbo.Users, tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND MyDatabase.dbo.Users.SessionCookie=tempdb.dbo.ASPStateTempSessions.SessionIDDoes it make sense? You always can get the SessionID from the page and store it in your database. So ONLY one BROWSER AND ONE User can get a session. I hope this make sense, the problem is I got the solution implemented into my code, instead of just creating a control to do so, I may just do that for you, so you can use it. Let me know if I confuse you more than help you. Al -
Actually there is something build in I use. If you are using the SQL server to store the sessions you can get the session ID and in store it in your USER table, so you only allow that session ID attached to that user to be online. So, to get the Session ID this is the QUERY:
SELECT tempdb.dbo.ASPStateTempSessions.SessionId FROM tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND tempdb.dbo.ASPStateTempSessions.SessionId LIKE @SessionCookieFor SessionCookieassign a cookie to every USER In your database that's how you get the USERSSELECT * FROM MyDatabase.dbo.Users, tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND MyDatabase.dbo.Users.SessionCookie=tempdb.dbo.ASPStateTempSessions.SessionIDDoes it make sense? You always can get the SessionID from the page and store it in your database. So ONLY one BROWSER AND ONE User can get a session. I hope this make sense, the problem is I got the solution implemented into my code, instead of just creating a control to do so, I may just do that for you, so you can use it. Let me know if I confuse you more than help you. AlYes I understand...but I just thought of an issue which has to be solve. What happens when a user closes the browser with out signing off, the database still things the user is logged in, so now the user cant get back in.
-
Yes I understand...but I just thought of an issue which has to be solve. What happens when a user closes the browser with out signing off, the database still things the user is logged in, so now the user cant get back in.
Incorrect, the user will be able to get back in if use the same browser, otherwise if uses another computer/browser is going to let it time out, or you can overide the previous version as I do. Al
-
Actually there is something build in I use. If you are using the SQL server to store the sessions you can get the session ID and in store it in your USER table, so you only allow that session ID attached to that user to be online. So, to get the Session ID this is the QUERY:
SELECT tempdb.dbo.ASPStateTempSessions.SessionId FROM tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND tempdb.dbo.ASPStateTempSessions.SessionId LIKE @SessionCookieFor SessionCookieassign a cookie to every USER In your database that's how you get the USERSSELECT * FROM MyDatabase.dbo.Users, tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND MyDatabase.dbo.Users.SessionCookie=tempdb.dbo.ASPStateTempSessions.SessionIDDoes it make sense? You always can get the SessionID from the page and store it in your database. So ONLY one BROWSER AND ONE User can get a session. I hope this make sense, the problem is I got the solution implemented into my code, instead of just creating a control to do so, I may just do that for you, so you can use it. Let me know if I confuse you more than help you. AlIs the [ASPStateTempSessions] a table you created to hold your session information? Currently my session information is InProc. Do I have to change it to SQLServer?
-
Is the [ASPStateTempSessions] a table you created to hold your session information? Currently my session information is InProc. Do I have to change it to SQLServer?
Ah I figured it out...atleast with setting up my sessionState to SQLServer mode. I will get back if I need any more help.
-
Is the [ASPStateTempSessions] a table you created to hold your session information? Currently my session information is InProc. Do I have to change it to SQLServer?
ASPStateTempSessions in a table create it by an script in the .NET framework to hold the sessions. Please check at this link from MS to learn how to use SQL to hold sessions: http://support.microsoft.com/default.aspx?scid=kb;EN-US;307598[^] InProc as you using keeps all the Sessions in memory, so does not work in Web Farms or Web Gardens as my program runs. Using the SQL solution to keep your sessions allows you to run SELECT queries to check what sessions are alive, therefore what users are on your web application. Have fun Al
-
Actually there is something build in I use. If you are using the SQL server to store the sessions you can get the session ID and in store it in your USER table, so you only allow that session ID attached to that user to be online. So, to get the Session ID this is the QUERY:
SELECT tempdb.dbo.ASPStateTempSessions.SessionId FROM tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND tempdb.dbo.ASPStateTempSessions.SessionId LIKE @SessionCookieFor SessionCookieassign a cookie to every USER In your database that's how you get the USERSSELECT * FROM MyDatabase.dbo.Users, tempdb.dbo.ASPStateTempSessions WHERE tempdb.dbo.ASPStateTempSessions.Expires > GETUTCDATE() AND MyDatabase.dbo.Users.SessionCookie=tempdb.dbo.ASPStateTempSessions.SessionIDDoes it make sense? You always can get the SessionID from the page and store it in your database. So ONLY one BROWSER AND ONE User can get a session. I hope this make sense, the problem is I got the solution implemented into my code, instead of just creating a control to do so, I may just do that for you, so you can use it. Let me know if I confuse you more than help you. AlHow do you get the SessionCookie value to add it the [Users] table? Also should there also be another query, something like
INSERT INTO [Users] (SessionCookie) VALUES (xxx) WHERE [Users].[Name]=yyy? Thanks for all your help