P
P
Pavel2012-01-28 12:33:24
ASP.NET
Pavel, 2012-01-28 12:33:24

How to disable simultaneous work of several users in a web application under one account?

It is necessary to make a check so that only 1 user can log in to the system (web application on ASP.NET MVC) at the same time.
Those. if someone is already working under the user Vasya in the web application, and they try to log in from another computer under the same account, do not let them in.
Tell me how to check? I think ASP.NET or PHP does not matter - the principles in web applications are the same.

Answer the question

In order to leave comments, you need to log in

6 answer(s)
A
Anatoly, 2012-01-28
@taliban

Everything that was written above is corny about “storing the session in the database”. A regular session, while there is an active one for such a login, do not let anyone in it, if a person has left the computer and wants to log in from another place, the session has an “inactivity” time, although I think you understand how sessions work?

@
@ngreduce, 2012-01-28
_

I think it's better to throw out the old user. It will act strongly on the nerves, and conscientious users will not suffer much.

P
p4s8x, 2012-01-28
@p4s8x

As an option, write something constantly in the cookie and on the next transition, check it and write a new value, etc.

X
xaker1, 2012-01-28
@xaker1

As an option to save ip + browser and the time of the last action in the database. If they try to log in under Vasya, but the ip + browser does not match, and less than 5 minutes have passed since the last action (logout by timeout), then we issue a message that this user has already logged in.

D
Damir Abdullin, 2012-01-28
@damirazo

It has already been described above, but I will clarify how I did this myself. When authorizing a user (login to the site), I write the value of a special field in the database to the cookie (let it be security_token). When a user enters their login and password, the value of this field is generated anew, then updated in the database and written to cookies. On the site, when navigating through the pages, the value of this cookie, as well as the cookie responsible for authorization (which stores the session id), is compared with the data in the database. If the value of the cookie named security_token does not match the value in the database, it means that someone is logged in with the same login. And how to proceed depends on the requirements.

A
Anserchik, 2012-01-28
@Anserchik

As an option to the proposed ip + browser checks and “kicking out” when logging in from another computer:
when logging in, add a checkbox, if you check it, then you can’t “throw it out” from another computer (or just a browser) before the timeout ends.
Those. before authorization, there is usually a “remember” checkbox, but here it could be “pin”. If you checked it, you linked your account to this browser before the logout; if you didn’t check it, you can log in from another computer and you will be automatically “kicked out” from this one. I hope I explained well

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question