Hello,

I have experience with CakePHP and have now started coding on the ASP.NET MVC framework. I have a problem with the login system. How can I restrict users to being logged in only once at a time on my system?

I can create a field in my DB where Customer becomes active when he logs in. If he logs out I can make active false. But what if the session just ends? How can I catch this?

A: 

This is, unfortunately, something of a challenge due to the way that the session end events are implemented, as you don't have access to the information you need when they fire.

So turn the problem on its head a little: if you track the session that they last logged in on, then if you get a request from that same authenticated user in a different session, remove the auth for that session (in effect the older session) with an appropriate redirect to a suitable message.

The key here is tracking not only who is currently logged in but also the session ID for that login.

Details are a bit more complicated - but you can perform the test at a request level or by adding your own base page class, deriving all your "real" pages from that and checking in a page event.

Murph
I can keep the sessionID in my database. If the user logs out it is deleted. But if the user's session ends the sessionID stays there. So when the user logs in I must check whether the current sessionId is different than the one in the database, and whether the session timeout has ended, assuming I also keep the user's login datetime, correct?
gong
Hmm, sort of. There isn't a single solution. The way I was looking at it was that when a user logs in you don't particularly care what session was live before because that session is now invalid and the user (of the "old" session) needs to be forcibly logged out. What you care about is whether the combination of user *and* session is valid when you make a request.
Murph
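
The per-request user-and-session check described in the answer above, as an added example (not code from this thread or from the linked article). It assumes classic ASP.NET MVC with Forms Authentication; `ActiveSessionStore`, `SingleSessionAttribute` and the `~/Account/LoggedOutElsewhere` route are hypothetical names, and the in-memory dictionary stands in for the database column.

```csharp
using System.Collections.Concurrent;
using System.Web.Mvc;
using System.Web.Security;

// Stand-in for the DB column holding the session ID of each user's latest login.
public static class ActiveSessionStore
{
    private static readonly ConcurrentDictionary<string, string> Latest =
        new ConcurrentDictionary<string, string>();

    // Call right after a successful login; the newest session always wins,
    // so a stale row left by an expired session is simply overwritten.
    public static void Register(string userName, string sessionId)
    {
        Latest[userName] = sessionId;
    }

    public static bool IsCurrent(string userName, string sessionId)
    {
        string stored;
        return Latest.TryGetValue(userName, out stored) && stored == sessionId;
    }
}

// Apply to controllers (or register as a global filter) to test user + session per request.
public class SingleSessionAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        if (http.Session == null || !http.User.Identity.IsAuthenticated) return;

        if (!ActiveSessionStore.IsCurrent(http.User.Identity.Name, http.Session.SessionID))
        {
            // Superseded (older) session: drop its auth cookie and session data, then explain why.
            FormsAuthentication.SignOut();
            http.Session.Abandon();
            filterContext.Result = new RedirectResult("~/Account/LoggedOutElsewhere"); // hypothetical route
        }
    }
}

// In the login action, after the credentials have been verified:
//   Session["user"] = model.UserName;  // using Session keeps SessionID stable across requests
//   FormsAuthentication.SetAuthCookie(model.UserName, false);
//   ActiveSessionStore.Register(model.UserName, Session.SessionID);
```

No session-end event or timeout bookkeeping is needed with this approach: an abandoned or expired session never matches again once a newer login has registered its own ID.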
+1  A: 

This article provides a possible solution.

pmarflee
You get an upvote 'cos that's doing something similar to my suggestion and has code!
Murph