prevent多次登录在ASP.NET的单个用户 [英] Prevent multiple logons for a single user in ASP .Net

问题描述

我在看就多次在web表单应用程序如何最好地prevent单个用户帐户记录。我知道， MembershipUser.IsOnline 存在，但我读过暗示，这可能是不可靠的，特别是在用户关闭浏览器时的情景几个论坛和博客条目（不注销），并尝试用不同的机器或浏览器登录。

我看着落实最后的过去岗位类型系统;当老用户用户登录只是拉开序幕。看来， FormsAuthentication.Signout（）只适用于当前用户。

我缺少一个窍门，有没有prevent一个更好的方式相同的用户名从多个不同地点登录？

解决方案

最近，我有这个同样的问题，在这里

是我如何解决它。我把一个值是X分钟后到期的高速缓存。在我的code我每天Ÿ分钟AJAX回调（Y

当用户试图登录就可以先检查，看看是否有证书有效。如果他们是它然后进入并检查是否该用户的高速缓存值存在。如果是这样我知道，有一个人登录使用这些凭据。然后，我允许用户取消或者登录其他用户的。如果他们点击登录其他用户进行高速缓存值下一次更改为新值，原来的用户被重定向到登录页面，他们有上述的AJAX回调。总的来说它的工作原理pretty也没有从我们的用户投诉。

在此技术的几个注意事项：

1. 您不能使用的SessionID作为
   以上是因为它改变建议
   每次会话变量
   根据您的设​​置调用。我们
   遇到了这个脸先着我们
   第一次尝试，使这项工作。




2. 您可以有两个用户登录的
       Ÿ分钟前人会引导出
       所以选择你的明智倍。



3. 如果用户试图缓存之前登录
       到期（收盘后说
       窗口），他们将得到的消息
       另一用户已登录。


4. 当您设定缓存值，你不能只使用数字，因为他们与一些内部的东西ASP.NET冲突。请确保您添加一个关键价值的开始。

I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.

I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.

Am I missing a trick, is there a better way to prevent the same username logging on from multiple different locations?

解决方案

I had this same problem recently and here is how I solved it. I put a value into the Cache that expires after X minutes. In my code I have an AJAX callback every Y minutes (y

When a user tries to log on it checks first to see if there credentials are valid. If they are it then goes and checks to see if the cache value for that user exists. If it does I know that there is someone logged on with these credentials. I then allow the user to either Cancel or Log the Other user out. If they click Log the other user out the cache value is changed to the new value and the original user is redirected to the login page the next time they have an AJAX callback described above. Overall it works pretty well with no complaints from our user.

Several Notes on this technique:

1. You cannot use SessionID as suggested above because it changes each time a session variable is called depending on your setup. We ran into this face first on our first attempt to make this work.

2. You can have two users logged in for Y minutes before one gets booted out so choose your times wisely.

3. If a user tries to login before the cache expires (say after closing the window) they will get the message that another user is logged in.
4. When setting your Cache Value you cannot use just numbers as they conflict with some internal ASP.NET stuff. Make sure you add a key to the start of the value.

这篇关于prevent多次登录在ASP.NET的单个用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！