Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to prevent multiple logins using same username?

Status
Not open for further replies.
mrpro

mrpro

Programmer
Oct 11, 2004
64
0
0
GB
Hi guys

what is the best way to prevent multiple users logging in
using the same username/password

--Can we guarantee this using the session
--Is it better to do storing the sessionid in the database
--any other thoughts would be great.

Thanks


 
Sort by date Sort by votes
You could have a field in the database table that you set to True when the user logs in and set it to False when they log out (and when their session expires in case they forget to log out)

You can then check the state of this field when you process the login information. If the field is set to true then deny access since someone is logged in.


Tony
_______________________________________________________________
 
Upvote 0 Downvote
thanks tony

what about if some one logged in and then closes the browser(some times might crash and then closes itself also)
and again tried to logged in.we can't also rely Session to do the logout for us

and also my site doesn't have any logout functionality.

any other tip

 
Upvote 0 Downvote
yes Tony we shouldn't allow multiple logins with the same username at a time..
 
Upvote 0 Downvote
you could try storing a time stamp every time the user goes to a page then if someone else with the same name tries to log in it checks to see their current time is a certain amount of mins greater than the one stored on the db,

if it is then other use is either in active or has closed the browser so they can continue.

If its not then it means someone with that username name is on
 
Upvote 0 Downvote
steven what if the user opens two windows on the same machine and he still active with the first window.

i wanted to some how be able to do what the yahoo do with their messenger.If some one logs on another machine the first connection will be logged of.

how do we logoff the user and send him back to login page in asp
 
Upvote 0 Downvote
but your orig question was if someone is looged in no one else with same name can't

what you are asking now is the excact opposite

which one is it?
 
Upvote 0 Downvote
Instead of storing true/false in the current login field perhaps you could store the user's IP address or a NULL.

That way you could have multiple windows on one machine or you could close the browser and reopen it.

If you have dynamic IP addresses and your box chrashes you'd still be S.O.L.
 
Upvote 0 Downvote
the second option is simple just store the session.id in field then if someone else logs on their session id will be stored, so next time the first person who logged in goes to a secure page it check to see if his session.id matches - if not he will get kickoff
 
Upvote 0 Downvote
Session ID is better than IP address because it would survive a change of address and, for obvious reasons, it is impossible for that ID to recycled before the pervious session with that ID ends.
 
Upvote 0 Downvote
still asking the same Q

we should permit only one login per username/password.

my thinking now is by going through your suggestion ,if some one else logged in with the same user name we should logoff the first user and allow the new user to login.

how can we do this..

 
Upvote 0 Downvote
You could put some code to check the current session into an INCLUDE file that gets pulled into every page. This code would compare the userid to the session id and, if they don't match, kick the person out to the login page.
 
Upvote 0 Downvote
lol I didn't even see this:

" so next time the first person who logged in goes to a secure page it check to see if his session.id matches - if not he will get kickoff" - steven290
Click to expand...

Looks like he beat me again!
 
Upvote 0 Downvote
thanks guys i think this way we don't even need to bother to clear the session as we can update the SessionId to null
in the Session_OnEnd

i will give it a shot checking sessionId's and will let you know if i come across any other problems with this.once again thanks very much for all your help

 
Upvote 0 Downvote
should prob be something like this

when someone logs in


"update tblname set securesession=" & session.sessionid

if second person logs in - first person get kicked like this

"select securesession from tblname where id=whatever"

if cint(rs("securesession"))<>session.sessionid then
response.redirect("login.asp")
else
continue...
end if
 
Upvote 0 Downvote
Sheco i wouldn't say its beating - you were just reenforcing, lol
 
Upvote 0 Downvote
thanks steve..that's the real stuff..
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
94
leifoet
leifoet
leifoet
  • Locked
  • Question
How to check if a datatable is empty ?
Replies
0
Views
74
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
88
penguinspeaks
penguinspeaks
bslintx2021
  • Locked
  • Question
How to configure IIS 10 server to allow Classic ASP to connect to MSSQL server database on a domain
Replies
1
Views
204
penguinspeaks
penguinspeaks
Swi
  • Locked
  • Question
JQUERY AJAX POST and how to receive data via Classic ASP
Replies
0
Views
104
Swi
Swi

Part and Inventory Search

Sponsor

Back
Top