preventing multiple logins

[Sameer]

one important problem i am facing is that my web solution
(asp.net) will be deployed on a webfarm. I am using sql
server session management on clustered sqlservers. but as
i need to prevent multiple logins through a
username/password (same credentials at a time) on the
website.

also session_end() event does not fire in sql server mode.

one solution is sychronized cache of webservers. and
maintaining usernames (loggedin) in the application cache.
This solution does not look like a robust solution.
suggest a standard solution.


please help me.

Regards
Sameer

 

[Cowboy \(Gregory A. Beamer\)]

A crude method would be to give the user a LastPageAccess property and a
LockedSession boolean property. When a user logs in, you set LastLoggedIn to
GetDate() (assuming SQL Server) and LockedSession to true. When a user logs
out, you set LockedSession to false.

When a user hits another page, update LastPageAccess.

The login rules are then:

LastPageAccess > Timeout
When LockedSession = true

If a user tries to open another session, they are refused. Crude but
effective. It will also teach users to use the log out button rather than
just let sessions timeout.

If you do not want as many hits to the database, you can store user infos in
an Application DataSet or cache of objects. I am not sure of the scalability
of that idea, however.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************