same user multiple logins(solved)

ursrajkumar82 · January 28th, 2005, 01:39 AM

hi all,

i am new subscriber to this site.this is my first letter to this group.

my problem is how to restrict the user from login more than one machine at the same time.
for this i have written some code in session_OnEnd which is in global.asa file.it shoulb fire when the session is expired.but it is not working.here i am giving my code which is in global.asa file

<script language="vbscript" runat="server">
    sub Application_OnStart

    end sub

    sub Application_OnEnd
        ''code to remove all user names
        for each x in Application.Contents
            Application.Contents.Remove(x)
        next
    end sub

    sub Session_OnEnd
        ''code to remove the user,whose session is expired
        for each x in Application.Contents
            if Application.Contents(x)= session("user_id")
                 Application.Contents.Remove(x)
            end if
        next
    end sub
</script>

first, i tell what i am doing in login page.
when user logged in to my application i am storing userid in application.contents object after checking whether userid is already exist or not.if not ia m storing user id in application contents.till here this is fine and its working properly.
but the thing is in the above code i am trying to remove the userid
(whose session is expired) from the application.contents list
it is not working, can you help me.

Vadivel · February 2nd, 2005, 12:01 AM

I have written an article regarding this in MSDN .. check it out @ http://www.microsoft.com/india/msdn/articles/161.aspx

Best Regards
Vadivel

MVP ASP/ASP.NET
http://vadivel.thinkingms.com

Vadivel · February 2nd, 2005, 12:03 AM

oops I didn't realise this to be the Classic ASP forum ... the link which i have posted above is for ASP.NET

Best Regards
Vadivel

MVP ASP/ASP.NET
http://vadivel.thinkingms.com

Vadivel · February 2nd, 2005, 12:09 AM

Extract from that article which might interest you:

Quote:

quote:Let us create a Boolean datatype in our database, as part of the User table. I have named it isLogged for sake of clarity. As soon as the login process for a given user account succeeds, the value of this flag would be set to True. Now, let me take a minute in-between to define the success of the login process.

During the login process, as part of verifying the credentials against the User table, we also check for the value of isLogged. If the value is already set to True, it clearly means that the user is already logged on to the system. Aha! Gotcha! We redirect the user to an appropriate page explaining the problem clearly and thus login fails. On the other hand, if the value of isLogged is false, we set it True and allow the user to proceed further with the application.

One of the easier ways to implement this logic is to make use of the global.asax. This file has two routines namely Session_onStart and Session_onEnd. I am sure the names are self-explanatory. So we put the code login process in Session_onStart and set the value of isLogged to False in Session_onEnd. This would be our simple and straightforward logout process.

Ok, now what?! The traditional approach would work perfectly under normal scenarios. i.e. a user logs onto our site, has some good time minding his / her own business and logs out. What will happen if he doesnât log out and just closes the browser or what if he simply moves on to visit another site without even logging out?!!

One of obvious reasons why we canât trust Session_onEnd is that there is no guarantee that the event will be triggered when the browser is closed. Does this mean that the whole purpose of Session_onEnd is defeated? May be not. The event will be triggered after the session times out. Normally, this time would be about 20 minutes. So there are chances that our User gets frustrated and leaves our website once and for all.

Best Regards
Vadivel

MVP ASP/ASP.NET
http://vadivel.thinkingms.com