Preventing Simultaneous Logons
The other day, I was transacting online with my personal banker while chatting with a friend on MSN Messenger, discussing my plans for the weekend. Suddenly, a thought occurred to me: have you ever tried being online in Messenger from two different computers at the same time? I’ve tried it and was logged out from the first computer (i.e. the latest logon session is retained and the user is automatically signed out from the other session). This article demonstrates the use of the Cache object in ASP.NET to prevent multiple logons from the same user account to a Web-based system.
Thinking along the same lines, I was really curious about what would happen if my wife logged on to the same banking system at the same time and transacted. Of course, transaction levels would have been defined properly in the application. However, thinking in terms of nuts and bolts, I was wondering what one could do about it. Can something be done about it at all? Is the crux of the problem really session duplication? Or do I have to prohibit the user from simultaneous logons? How? Do I have to track IP addresses? What about all the proxy, firewall and subnet fundamentals?
Thanks to the Cache object in the ASP.NET application framework, I was able to prevent a user from logging on to a system from multiple locations simultaneously. Yes, I was able to prevent two sessions from being created for the same user account.
Does that mean there is no other solution to this problem? One obvious solution is to keep a flag as part of the user object in the data store and toggle it whenever the user logs in and logs out. “Better untaught than ill taught,” goes an old saying. Before proceeding to the Cache-based solution, I think it is only fair on my part to explain the above-mentioned solution and discuss its advantages and disadvantages. I would like to refer to this approach as Traditional.
By Vadivel Mohanakrishnan