Limit only one session per user in ASP.NET
Is there any way to detect when a user logs in if there is already another session with the same username, and block him from logging in again or send him a message?
You could always implement the events in global.asax.
Implement Application_Start() to set up a System.Collections.Dictionary (or at your preference) and store that in the Application[] collection. When a user logs in, add the username. Remove it from the collection in Session_End(). Remember to use the 'lock' keyword while working with the collection :)
Have fun!
Example:
[page.aspx]
    public partial class page : System.Web.UI.Page {
        protected bool Login(string userName) {
            System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
                as System.Collections.Generic.List<string>;
            if (d != null) {
                lock (d) {
                    if (d.Contains(userName)) {
                        // User is already logged in!!!
                        return false;
                    }
                    d.Add(userName);
                }
            }
            Session["UserLoggedIn"] = userName;
            return true;
        }

        protected void Logout() {
            Session.Abandon();
        }
    }
[global.asax]
    <%@ Application Language="C#" %>
    <script RunAt="server">
        void Application_Start(object sender, EventArgs e) {
            Application["UsersLoggedIn"] = new System.Collections.Generic.List<string>();
        }

        void Session_End(object sender, EventArgs e) {
            // NOTE: you might want to call this from the .Logout() method as well, to speed things up
            string userLoggedIn = Session["UserLoggedIn"] == null ? string.Empty : (string)Session["UserLoggedIn"];
            if (userLoggedIn.Length > 0) {
                System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
                    as System.Collections.Generic.List<string>;
                if (d != null) {
                    lock (d) {
                        d.Remove(userLoggedIn);
                    }
                }
            }
        }
    </script>
I've implemented this where when a user logs in it sets a flag in the DB that they are logged in. It was an int representing how many times they are logged in. We allowed two. Then we would just check that when validating the user.
You can, by keeping track of users logged in, in your global.asax by using the Application object.
In the Session_Start method or your login method, you can check if the user is stored in the Application object.
On the Session_End method or in your logoff method, you'll need to remove the user from the Application object.
Don't store it in the DB if you cannot identify the user logout event (they may click logout, close the tab, close the whole browser, or may just shut down the computer...). Use session to do the same checking instead.
You could store the SessionID of a user in a database. On each login, store a combination of unique username and SessionID into the database. In the master page you include the query to the database, to check whether the last login for the currently used username was from the same session. If not, abandon the session and redirect to the login page.
The behaviour I posted should log out the second user. You may change the Session.Abandon to your desired behaviour.
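The username/SessionID check described in the last answer, sketched as an added example that is not code from any of the posters. The class `ActiveSessionRegistry` and its method names are hypothetical, an in-memory dictionary stands in for the database table, and the session IDs are constructed stand-ins for `Session.SessionID`.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper: in-memory stand-in for the username/SessionID table.
public sealed class ActiveSessionRegistry
{
    private readonly object _gate = new object();
    // Case-insensitive keys so "Alice" and "alice" map to the same account slot.
    private readonly Dictionary<string, string> _latest =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // Call after credentials are validated: this session becomes the latest login.
    public void RecordLogin(string userName, string sessionId)
    {
        lock (_gate) { _latest[userName] = sessionId; }
    }

    // Call on every request (for example from the master page). A false result
    // means another login replaced this one: abandon the session and redirect.
    public bool IsCurrent(string userName, string sessionId)
    {
        lock (_gate)
        {
            string latest;
            return _latest.TryGetValue(userName, out latest) && latest == sessionId;
        }
    }

    // Call on logout. Removes the entry only if it still belongs to the caller,
    // so a replaced session logging out cannot clear the newer session's record.
    public bool RecordLogout(string userName, string sessionId)
    {
        lock (_gate)
        {
            string latest;
            if (_latest.TryGetValue(userName, out latest) && latest == sessionId)
                return _latest.Remove(userName);
            return false;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var registry = new ActiveSessionRegistry();
        registry.RecordLogin("alice", "session-A");   // first browser
        registry.RecordLogin("Alice", "session-B");   // same account, second browser
        Console.WriteLine("session-A current: " + registry.IsCurrent("alice", "session-A"));
        Console.WriteLine("session-B current: " + registry.IsCurrent("alice", "session-B"));
        Console.WriteLine("stale logout removed entry: " + registry.RecordLogout("alice", "session-A"));
        Console.WriteLine("session-B still current: " + registry.IsCurrent("alice", "session-B"));
    }
}
```

Because the check runs on each request, it does not depend on Session_End, which ASP.NET raises only when session state mode is InProc.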