Restrict logged in user to login again
-
Hi.. I m working on an asp.net website. storing users in sql server db. what could be the best way to know whether user logged in or not ? and restrict them to login again in another browser window or another machine. Make sure I am not using authentication. I use to store logged in user to session. Is it possible through application state. thanks,
By: Hemant Thaker
-
Hi.. I m working on an asp.net website. storing users in sql server db. what could be the best way to know whether user logged in or not ? and restrict them to login again in another browser window or another machine. Make sure I am not using authentication. I use to store logged in user to session. Is it possible through application state. thanks,
By: Hemant Thaker
Application state would not be the best place for that, as the users session would not timeout until the application state timedout, the app pool was recycled or the app is recompiled (a change to the web.config would do this). I would / have used Session State for this in the past, just set session state variable to true when the user is logged in and just check that when the page is loaded. something along the lines of; Login Page;
protected void login_click(object sender, EventArgs e){ .... code to validate credentials ...... Session["LoggedIn"] = true; Response.Redirect("defaultpage.aspx"); }All Pages;
protected void Page_Init(object sender, EventArgs e){ if (!(bool)Session["LoggedIn"]) Response.Redirect("login.aspx"); }If at first you don't succeed ... post it on The Code Project and Pray.
-
Application state would not be the best place for that, as the users session would not timeout until the application state timedout, the app pool was recycled or the app is recompiled (a change to the web.config would do this). I would / have used Session State for this in the past, just set session state variable to true when the user is logged in and just check that when the page is loaded. something along the lines of; Login Page;
protected void login_click(object sender, EventArgs e){ .... code to validate credentials ...... Session["LoggedIn"] = true; Response.Redirect("defaultpage.aspx"); }All Pages;
protected void Page_Init(object sender, EventArgs e){ if (!(bool)Session["LoggedIn"]) Response.Redirect("login.aspx"); }If at first you don't succeed ... post it on The Code Project and Pray.
thanks, I think this is all about authentication. you are redirecting the user to login.aspx if he is not logged in. that's fine. I want to restrict one user to login in the second machine, if he is logged in , in one machine. (simply dont want him to use application in two different browser window). thanx
By: Hemant Thaker
-
thanks, I think this is all about authentication. you are redirecting the user to login.aspx if he is not logged in. that's fine. I want to restrict one user to login in the second machine, if he is logged in , in one machine. (simply dont want him to use application in two different browser window). thanx
By: Hemant Thaker
Oh, well in that case just store an ArrayList in Application State with all the logged in users in there (or a unique identifier for each user) then when a user tries to log in check if they are already in the ArrayList and show an error if they are.
protected void login_clicked(object sender, EventArgs e){ if (((ArrayList)Application["LoggedInUsers"]).Contains(txtUserName.text)) // Show log in erorr else{ ArrayList temp = Application["LoggedInUsers"]; temp.Add(txtUserName.Text); Application["LoggedInUsers"] = temp; // redirect to default page } }Just dont forget to remove them when they logout or their session expires.
If at first you don't succeed ... post it on The Code Project and Pray.
-
Oh, well in that case just store an ArrayList in Application State with all the logged in users in there (or a unique identifier for each user) then when a user tries to log in check if they are already in the ArrayList and show an error if they are.
protected void login_clicked(object sender, EventArgs e){ if (((ArrayList)Application["LoggedInUsers"]).Contains(txtUserName.text)) // Show log in erorr else{ ArrayList temp = Application["LoggedInUsers"]; temp.Add(txtUserName.Text); Application["LoggedInUsers"] = temp; // redirect to default page } }Just dont forget to remove them when they logout or their session expires.
If at first you don't succeed ... post it on The Code Project and Pray.
You said in last "Just dont forget to remove them when they logout or their session expires." will it work to remove entry in Session_End event in global.asx ? thanks,
By: Hemant Thaker
-
You said in last "Just dont forget to remove them when they logout or their session expires." will it work to remove entry in Session_End event in global.asx ? thanks,
By: Hemant Thaker
Yup, and if you have a logout page you would want to put it in there to. But keep in mind that the session will stay alive for a bit after the user closes the browser, that period is configurable i just remember how.
If at first you don't succeed ... post it on The Code Project and Pray.