Avoid multiple user login

From: wezza (shoveyerspamupyer@ss.com)
Date: 09/20/02 

From: "wezza" <shoveyerspamupyer@ss.com>
Date: Fri, 20 Sep 2002 06:29:00 -0700

How about this:

when a user logs in - you store their IP address (server
variable REMOTE_ADDR) and login name in a
table 'LOGGED_IN'.

But first, before you store their entry in the table, you
check that they don't already exist with a different IP
address (ie. the 2nd user with the same login details). If
they do exist with a different IP, you could not let them
in or kick the other user out or whatever, and if they are
already logged in with the same IP then they are OK.

To avoid peoples details staying in the table when they
leave or timeout, you could use the Session_End event in
global.asax to delete the record when the user's session
ends as this is automatically fired when the session times
out or is cut short (as well as gracefully logging them
out if they can do that with a logout button or something?)

The only problem i can see is the possibility of the same
user logging in once, not logging out properly, then
trying to log in again after reconnecting to the net with
a different IP address, and the session still hasn't timed
out to remove their last login from the LOGGED_IN table.

hope this helps more

>-----Original Message-----
>Thanks very much for your reply.
>Yes, I am using form authentication to verify user info
in
>a database. Here is the scenario:
>1) User login using the account ABC and successfully
login.
>2) Another user got the login ID and password from his
>friend and login from another machine with the login ID
>ABC.
>
>How can I allow just one session to login with the same
>login ID? One solution is to kick out the first guy who
>login when the second guy try to login. But how? That was
>my question. I don't really understand how to solve this
>problem by "store them in a temporary
>table and then check the user against the table when they
>log in?"
>
>Thanks!
>Kelvin
>
>
>>-----Original Message-----
>>you don't say how your logins are authenticated but if
>you
>>are using a database you could store them in a temporary
>>table and then check the user against the table when
they
>>log in?
>>
>>>-----Original Message-----
>>>Hi everyone,
>>>
>>>Does anyone know a way to prevent people from logging
on
>>>to my ASP.NET web site with the same account at the
same
>>>time? Anyway to kickout an already logon session when
>>>someone login using the same logon ID?
>>>
>>>Your reply will be highly appreciated!
>>>Thanks,
>>>
>>>Kelvin
>>>.
>>>
>>.
>>
>.
>