All geek questions in one place

How to prevent simultaneous login with the same user on different PCs

We have an intranet application in which users have to perform authorization to perform certain tasks ... We need to make sure that not a single “application user” is registered more than once at a time.

So what I'm doing right now is that I store the current asp.net session id in the database and then compare each page load if they are the same or not. The session ID is stored in the database when the user logs in.

But, using this type check, database selection is always required. Therefore, I do not really like it. Should there be a more elegant way to solve this, or?

We use ASP.Net2, C # ..

Thanks in advance for any input.

[Update Information]

I have already created a special Memberhipprovider and a custom Memberhippuser. The Membershipuser member has a method called "StartSession (string sessionId)" that is used when the user logs in.

Another CheckSession (string sessionId) method is used for each postback and compares the current session identifier with the session identifier stored in the database.

[Update] Thank you all for your input. Now I will use the cache to prevent permanent access to the database. At first I thought that there is already a class or something that is already dealing with this problem.

+4
source share
5 answers

Your existing approach to storing this information in the database is reasonable, it helps if things increase.

However, you can also use the System.Web.Caching.Cache object to track the current user session. If the search for information in the cache object does not work to return to reading from the database, then put this information in the cache for subsequent requests.

+4
source

The main change I would suggest is to create a session cache for verification, rather than using a database every time the page loads.

It will work in a similar way - you check the session identifier in the cache to verify and take the same actions if the verification is not completed. You just won't need to make database calls.

+3
source

While digging around something related to this earlier, I came across this article, which may be useful:

ASP.NET Multiple Login Prevention (EggHead Cafe)

+3
source

According to other answers, caching will give you a performance boost here, but check if this is really required for an intranet application.

What you are describing breaks down the standard model for web applications, and I would question the value of this for purely licensed reasons. In particular, if you intend to try to prevent the opening of several tabs, you are likely to begin a very difficult task that will reduce the quality of your user.

+1
source

Create a user login database with an additional Active field or something similar. When authenticating a user, check the value in this field from the user table if it is already a true display message through javascript "User is already registered", if the Active value is false, updates and sets it to true and authenticates the user on the next page or form. Check this on page_page of the event of the next page in the navigation after user authentication. if the user is already registered, page controls can be made read-only, entries can be changed on the page.

I used this and it worked. there is no session in my application.

-2
source

Source: https://habr.com/ru/post/1286738/

More articles:


All Articles