Results 1 to 3 of 3

Thread: Enforcing a only one login rule on a website.

  1. #1
    Senior Member
    Join Date
    Sep 2007
    Posts
    409
    Thanks
    7
    Thanked
    32 times in 12 posts
    • icanhazburger's system
      • Motherboard:
      • Foxconn 946GZ7MA/946PL7MA Series
      • CPU:
      • DualCore Intel Core 2 Duo E6400
      • Memory:
      • 2 gig DDR2-667
      • Storage:
      • 320gig Baracuda II
      • Graphics card(s):
      • 7900 GS vc3600 cooler
      • PSU:
      • 600w
      • Case:
      • Something with a 25cm fan
      • Monitor(s):
      • 1 x 22"w 1 x 19"
      • Internet:
      • Pipex Max :(

    Question Enforcing a only one login rule on a website.

    Hi folks, not after language advice in particular, just logic advice.

    We have a few subscription based web sites that clients use, and my boss has decided that we need to enforce only allowing a user to login once at any time so that no users login can be used on different machines at same time.

    I'm struggling to get my head around how to implement this, especially as we use session variables to store the users id, and of course this can time out, it took me awhile to explain to my boss that when a session variable times out there is no event triggered on the server so in effect someone could try and login again and the site could refuse saying there already logged in. He seemed to think the server would know the session had timed out and could flag them as logged out in the db.

    Is there any sort of unique identifier that the page can pick up and store in the database so at least we can see some evidence of the returning user being the same? IP address can't be used because some of these people work from home and its doubtful they'd have a static ip, and of course then there's users that are behind a router.
    In the internets, no one can hear you sarcasm.

  2. #2
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Enforcing a only one login rule on a website.

    So basically your Session Management system isn't up to the task.

    You can either use a better one, or hack around it, by joining the session, with another 'database'.

    Ie, at session instantiation, you generate a GUID which gets slapped into the local session variables, and then also into your "session tracking" database.

    This session tracking database, uses as its key the UserName, but also has the remote Host IP and that GUID, and an 'active' flag. The idea being when you proccess a logon, you check this Database, if they exist any other rows for that username (which don't match your GUID) you set the active flag to 0.

    On every page render you check this session db via that GUID and if the active flag is anything but 1, you put a "you have been logged out" thing up.

    This will also give you a simple log of who logged in from where, so you can easily see multiple logons, even nicer if you add a LoggedOn datetime and a LoggedOff datatime so you can see how they where doing it to themselfs.
    throw new ArgumentException (String, String, Exception)

  3. Received thanks from:

    icanhazburger (30-03-2009)

  4. #3
    Senior Member
    Join Date
    Sep 2007
    Posts
    409
    Thanks
    7
    Thanked
    32 times in 12 posts
    • icanhazburger's system
      • Motherboard:
      • Foxconn 946GZ7MA/946PL7MA Series
      • CPU:
      • DualCore Intel Core 2 Duo E6400
      • Memory:
      • 2 gig DDR2-667
      • Storage:
      • 320gig Baracuda II
      • Graphics card(s):
      • 7900 GS vc3600 cooler
      • PSU:
      • 600w
      • Case:
      • Something with a 25cm fan
      • Monitor(s):
      • 1 x 22"w 1 x 19"
      • Internet:
      • Pipex Max :(

    Re: Enforcing a only one login rule on a website.

    Sounds like a better solution, I don't like the idea of showing a message saying a user cannot login as I think I'd be besieged by angry users.
    In the internets, no one can hear you sarcasm.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 24-11-2008, 08:34 PM
  2. recommend some website design software
    By petrefax in forum Software
    Replies: 24
    Last Post: 23-09-2004, 09:00 AM
  3. Logging into a Website through a Visual Basic App
    By MurphmanL in forum Software
    Replies: 5
    Last Post: 25-05-2004, 09:39 PM
  4. website thieving
    By luap.h in forum General Discussion
    Replies: 31
    Last Post: 11-04-2004, 10:12 PM
  5. 100% Database driven website
    By Kezzer in forum Software
    Replies: 7
    Last Post: 18-01-2004, 02:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •