how to prevent the user repeat-login_问答_开发者

开发者 https://www.devze.com 2023-02-26 14:42 出处：网络

In my application,I do not want two user login with the same login name. For example, user1 login with name \"test1\",then user2 try to login with \"test1\" too,but at this moment the user1\'s formau

In my application,I do not want two user login with the same login name.

For example, user1 login with name "test1",then user2 try to login with "test1" too,but at this moment the user1's formauthentication does not expire,so the login of user2 should be denied.

I created a cache class to record all the activ开发者_运维知识库e session:

public class SessionDb {
    private static Dictionary<string, HttpSessionState> sessionDB=new Dictionary<string, HttpSessionState>();
public SessionDb() {
}

public static void addUserAndSession(string name, HttpSessionState session) {
    sessionDB.Add(name, session);
}

public static bool containUser(string name) {
    //in fact,here I also want to check if this session is active or not ,but I do not find the method like session.isActive() or session.HasExpire() or something else.
    return sessionDB.ContainsKey(name);
}

public static void removeUser(string name) {
    if(sessionDB.ContainsKey(name)) {
        sessionDB.Remove(name);
    }
}

}

In the login.aspx.cs:

//check the name and password

if(checkNameAndPass(sUserName, sUserPwd)) {
    if(!SessionDb.containUser(sUserName)) {
        //let the user login
        Session["current_user_name"] = sUserName;
        SessionDb.addUserAndSession(sUserName, Session);
        FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
    }
    else {
        //
        this.error.Text=string.Format("user {0} have logined!", sUserName);
    }
}

Global.asax:

void Session_End(object sender, EventArgs e) 
{
    SessionDb.removeUser(Session["current_user_name"].ToString());
}

But it seems that it the Session_End() method is called at some time according the timeout setting in the sessionState.

Obviously I need the the SessionDb remove the related session when the authentication timeout.

Any idea to improve my code? or any other idea to implement my requirement?

I just do not want the user repeat-login(with the same name).

UPDATE:

BTW,I think my code also have some problems: I store the log in token using the Session,but how about if the formauthentication have timeout but the session does not?

If you are using a Membership provider:

A user is considered online if the current date and time minus the UserIsOnlineTimeWindow property value is earlier than the LastActivityDate for the user.

from MSDN Article

so you can simple use the check

Membership.IsOnline();

before you login the user.

In asp.net site how to prevent multiple logins of same user id?
Another approach (Disclaimer: I have not tested this.):

In the web.config add userIsOnlineTimeWindow to 1 and in the loggingIn event handler:

protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
  MembershipUser u = Membership.GetUser(Login1.UserName);
  Response.Write(u.IsOnline);
  if (u.IsOnline)
  {
    Login1.FailureText = "A user with this username is already logged in.";
    e.Cancel = true;
  }