Multi Login not allowed for a website

Question

0.00/5 (No votes)

See more:

Hi,

I have to create a website which should not have multiple login for same user not allowed.
I mean, say suppose my website is logged in from Machine A, when I try to login from Machine B, the website should logout from Machine A.
When I again try to login in Machine A, the application should trigger a logout at Machine B.

any help me for this implementation is appreciable.
Thank you

Posted 15-Jan-15 2:44am

sagar wasule

Add a Solution

Comments

ZurdoDev 15-Jan-15 8:50am

This is a bad idea, but I understand it may be necessary. All you need to do is track this in your db. There is no built-in functionality for this. You'll have to design and build it yourself.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

PIEBALDconsult · Answer 1 · 2015-01-15T03:19:00

Solution 1

What I have done in the past is to issue (and store in the database) a "token" (guid) when a user logs in and that token must be provided for all subsequent access.
In your scenario, when the user logs in from machine B, a new token will be generated and the one that the process on machine A holds will no longer be valid so access from that machine will fail until a new login is performed from there.

I'm really surprised that this is not a common technique.

Posted 15-Jan-15 3:19am

PIEBALDconsult

Comments

DamithSL 15-Jan-15 10:30am

interesting, can you please add more details on how you handle/keep token in client side and how you handle when user connect from different browsers from same PC

Philippe Mori 15-Jan-15 12:20pm

Other browsers would be handled the same as distinct PC. How to keep the token is not much different that how the system remember that a user is logged on.

Liju Sankar · Answer 2 · 2015-01-15T06:09:00

Please try this link : Preventing a User From Having Multiple Concurrent Sessions

A common question asked regarding ASP.NET is how can you prevent a user logging on more than once at the same time. Unfortunately, the nature of ASP.NET means that you cannot tell if a user is logged in already. Sure you can log the fact a user has accessed your application, but there is no way to tell that they have abandoned their old session, perhaps by closing their browser, and that their new login is therefore valid.

The link contains a class SingleSessionPreparation which helps you keep track of GUID.