Preventing Simultaneous Logons - The Solution
(Page 4 of 4 )
Getting back on the track of our course, we would be using the cache object with Sliding expiration and Application_PreRequestHandlerExecute of Global.asax to tackle this multiple login issue. As we have seen enough of the theory part, I think its time to look at some source code. For the purpose of testing, let us set the session timeout as 1.
Sample: Global.asax.cs
protected void Application_PreRequestHandlerExecute
(Object sender, EventArgs e)
{
if(Session["UserDetails"]!=null)
{
string strCacheKey = Session["UserDetails"].ToString();
string strUser = HttpContext.Current.Cache[strCacheKey].ToString();
}
}
Sample: Login Page
Private void BtnLogin_Click(object sender, System.EventArgs e)
{
string strConCat = TxtUserName.Text+TxtPassword.Text;
string strUser = Convert.ToString(Cache[strConCat]);
if (strUser==null || strUser.Equals(String.Empty))
{
TimeSpan SessTimeOut=new TimeSpan(0,0,Session.Timeout,0,0);
Cache.Insert(strConCat,strConCat,null,DateTime.MaxValue,SessTimeOut,
CacheItemPriority.NotRemovable,null);
Session["UserDetails"] = strConCat;
Response.Write("Welcome!");
}
else
{
Response.Write("Duplicate login not allowed !!");
return;
}
}
That’s it! Easy, isn’t it? (Don’t forget to include System.Web.Caching in the login page). The username is almost always unique so we could even avoid concatenating the username and password.
We can now compile the application and run it. After logging in, if you try to use the same username/password combination the application won’t authenticate you. The only way out is to wait until the Cache expires (I hope you now understand the reason for setting the session time out as 1). This holds good even if we try to login from two different browsers/machines.
Conclusion
The system requirement for testing this sample code is Windows 2000, XP or 2003 OS with IIS 5 (or 6) installed and .NET Framework 1.0. I have omitted the other necessary evils such as text editors! Happy programming!
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
/ 23 
