Click here to Skip to main content
14,733,966 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:

I have a requirement to avoid the same user being logged in from different systems at the same time.
(i.e ) At any point of time, user can be active from only one IP.

I am using custom tables and session objects to manage the user authentication process.
I thought to implement this using, session objects and events such as Session_OnStart and Session_OnEnd.

It seems that, session objects are not reliable and It's not guaranteed that Session_OnEnd event is fired properly.

Please, post your ideas on this.

Updated 11-Aug-10 1:36am

1 solution

When it is user based across systems then it cannot be using Sessions.

Option 1:
Maintain the Application object. Whoever login's should be added to it and removed on logut/browser close.
Whenever user logins, loop through the values in Application object. If you find the value that means he is already in. You can provide a mechanism to user to logout first and then re-login on that system.

Option 2:
Maintain the IP & userId in your database. Before logging into the system verify if it already exists. If not, allow login.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900