I have a scenario in which I have to restrict the users for login as per following details:
Whenever 500th user try to login My web-site there would be a message "User login exceeds, please login later!".
Only 499 users can login at a time, 500th user is the Admin. Also need to show online users in admin page-view. So, how to calculate the login users and restricts the numbers upto 500.
Please provide the answers related to aps.net C#
In PHP you would do this by changing the behavior of Sessions so they're stored in the DB. That way you can keep a rough count of how many people are logged on.
I'm assuming there's a way to do this in ASP.
If you have a good performing RDBMS (and a good networking) you could register in a Table that information...but if this is expensive simply use some classes provided to your server-side technology (Session, Application etc.).
With JS is not possible do that. Where did you store globally that information (counter variable)?
Every time a client connect to your server all JS code is reloaded so you don't have a way to store that info.
Also If you wanted to use cookies remember that the cookies are specific to the client in which they are used.
There are multiple ways of accomplishing this.
Sessions in the DB is one way. That can be used to know how many anonymous users are on your site as well, though.
Another way to accomplish the task you're looking for is to flag the user in your user table in a new field called, say, "logged_in."
When the login method executes, the flag is modified accordingly, similar with the logout method. Then you run a SELECT query every time a user tries to log in to check how many are currently logged in and act accordingly.
A better way would be to keep a count in the DB of how many logged in users total, adding and subtracting, depending upon "login" or "logout" methods are executed. This way you won't know which specific users are logged in at any given moment, but you'll at least have an overall number which is what you need. This method is better because you won't have to run a SELECT query on your entire user table, instead you can grab the value of one specific field from your DB, increasing performance. Unfortunately if they don't log out every time, this method is not useful, unless you also store their login time and log them out after a certain amount of time.
To try and solve the problem that a user may close the browser and not "log out", you may want to store sessions anyway, with a combination of the DB structure I proposed above.
In asp.net you can add a file called global.asax. This file has application-level events, including Session_Start and Session_End. This will make it easy to track sessions, if you're using a database for that or not.
You need to keep track of the users that are currently logged in in your database. Sev gives some good ideas on how to accomplish it. But as also mentioned in a comment to his answer, you can not just mark a user as logged out when he clicks the 'logout' button, because many users will just close the webpage without logging out properly.
So you need a session managment that automaticly expoires a session after so andsomayn seconds of user inactivity.
In my online banking software, this is something like 90 or 120 seconds (higher security), in amazon.com it is at least several hours (better customerexperience). How long you set this timeout depends on the secific requirements of your application.
Anyway, this is a rather common problem,so there should be a few frameworks out there that already implement this.
I think this is suited to Application context processing.
Just don't save these thing in MS sql because its wasted resourced to connect to database.
The simplest approach is to create an singleton object to keep data about number of online user. This object may be instantiated in Application_Start event
Everytime a login action happens, lock the object, udpate current user count, then release the lock.