Prevent Multiple Login in one PC

classic asp , security , session Philippines
  • 12 years ago
    Any one have an idea on how to prevent multiple login in one PC? To make my question clear, I listed some scenarios: 1. When first time visiting my site, user will be redirected to login page. 2. User successfully login on my site. He open another browser in the same pc(new session) and open the login page. The user must be redirected to main page. That means the credentials used in first login will be used. He cannot login again using different credentials. 3. Two instance of browsers (not necessarily different agents) on same pc both accessing the site. When one browser was logout, the other browser should be redirected to login page when it clicks a link or refresh the page. The current site I'm working with was created using classic ASP and uses session. I just need to add the functionality mentioned above. Migrating this to ASP.net will be the last resort since this will take a lot of time and effort. I hope I made my self clear here. Any ideas is greatly appreciated. Thanks, Jim
  • 12 years ago
    Hi Jim, welcome to developerFusion! :) Probably the best route for this would be to keep your existing authentication system (as the sessions will be restricted to the first browser). When the user logs in, you can make an entry in the database against that user saying they have a current session - and prevent subsequent logins. You would then have to write some code in the global application class to capture when a session ends, and automatically reset the flag in the database. The problem with this scenario is that if the user closes the browser (and hence loses their session), they won't be able to log in again until the session expires on the server and your clean-up code executes. You'll also need to cater for the scenario when your server unexpectedly shuts down (or IIS restarts) in which case your session clean-up code may not execute... so you'll need some sort of batch-job running on the server that also resets the flags in the database after a certainl amount of inactivity so they can log back in. All in all - it's possible - but consider carefully whether this is something you *really* need to do - you'll get lots of frustrated users unable to login. Hope that helps! James
  • 12 years ago
    Thank you for the reply James. Geez, thats what my direction is going before I read your reply. And these are possible problems i've been worried about. I guess there's no other route? This GCC policy really gives us headache. What if we will migrate this to .NET? Do you think it is more feasible than the above solution? I hope others can give their opinions as well. Thanks in advance. regards, Jim
  • 12 years ago
    Jim, You'll still face the same issues with .NET - it doesn't offer anything (that I'm aware of) to make this scenario easier.... except for the Membership providers - but I don't think these were designed specifically with this option in mind. Would be interested to see if anyone else has suggestions too!

Post a reply

Enter your message below

Sign in or Join us (it's free).

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“In theory, theory and practice are the same. In practice, they're not.”