检查用户在asp.net网站已经登录 [英] Check if user is already logged in asp.net website
问题描述
我开发其中要求用户登录到系统,以便能够使用它的网站。目前的功能是:
当用户输入用户名和密码,检查在DB做检查,如果该用户存在,如果他进入了正确的密码。
只有这样,允许该用户登录。
I am developing a website where in user is required to login to the system to be able to use it. The current functionality is: When user enters username and password, a check is made in DB to check if that user exists and if he has entered a correct password. Only then allow that user to login.
这是罚款,直到这一点,现在客户想多一个功能添加到日志记录功能,即客户愿意为该用户存在限制仅1会话。
It was fine till this point, now client wants to add one more functionality to the logging feature, ie client would like to restrict only 1 session for that user to exists.
IE浏览器。如果USER1从PC的一个浏览器登录,那么他应该
不允许从另一个系统或相同的另一浏览器登录
PC。
ie. if user1 is logged in from one browser of the PC then he should not be allowed to login from another system or another browser of the same PC.
我该怎么办呢?我打算用我的数据库中的一个位字段,将在第1时间进行设置,当用户登录做到这一点。而且,如果他试图登录第二次检查现场,并仅允许该位字段未设置登录。
How do I do that? I was planning to do it using a bit field in my database which will be set when user logs in 1st time. And if he tries to logging 2nd time check that field and allow to login only if bit field is not set.
但我觉得它会导致一些问题,
But I feel it will cause issues,
1),如果用户误关闭浏览器的选项卡,并尝试再次登录,他将不能够这样做的位字段仍将在数据库中设置
1) if user by mistake closes the tab of the browser and tries to log in again he will not able to do so as the bit field will still be set in DB
2)时,将设置现场将有被用户是否错误地关闭浏览器时清空?
2) when will the set field will have be cleared if users closes the browser by mistake?
如果有实现它,那么你可以自由地指出我在正确的方向上任何其他方式。
If there is any other way to implement it then you are free to point me in a correct direction.
正如指出的一些老乡委员有重复这个问题,但这些问题并非真的是我期待的,因为他们使用的是基于表单的身份验证和我不是。
As pointed by some of the fellow members there are duplicates to this question but those questions are not really what I am looking for, as they are using form based authentication and I am not.
推荐答案
这是我如何管理与<一个帮助做href=\"http://stackoverflow.com/questions/2922502/limit-only-one-session-per-user-in-asp-net\">link通过 @Satinder辛格提供。
This is how I managed to do it with the help of link provided by @Satinder singh.
的Global.asax.cs
protected void Application_Start(object sender, EventArgs e)
{
Application["UsersLoggedIn"] = new System.Collections.Generic.List<string>();
}
protected void Session_End(object sender, EventArgs e)
{
// NOTE: you might want to call this from the .Logout() method - aswell -, to speed things up
string userLoggedIn = Session["UserLoggedIn"] == null ? string.Empty : (string)Session["UserLoggedIn"];
if (userLoggedIn.Length > 0)
{
System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
as System.Collections.Generic.List<string>;
if (d != null)
{
lock (d)
{
d.Remove(userLoggedIn);
}
}
}
}
Login.aspx.cs
protected bool Login(string userId)
{
System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
as System.Collections.Generic.List<string>;
if (d != null)
{
lock (d)
{
if (d.Contains(userId))
{
// User is already logged in!!!
string userLoggedIn = Session["UserLoggedIn"] == null ? string.Empty : (string)Session["UserLoggedIn"];
if (userLoggedIn == user_id)
{
Session["UserLoggedIn"] = user_id;
return true;
}
else
{
return false;
}
}
else
{
string userLoggedIn = Session["UserLoggedIn"] == null ? string.Empty : (string)Session["UserLoggedIn"];
if (userLoggedIn != user_id)
{
d.Add(userId);
}
}
}
}
Session["UserLoggedIn"] = userId;
return true;
}
使用上述code,我允许任何用户在任何时间登录一次。我用会话变量来检查,如果请求来自同一个浏览器,如果是这样,我让他/她来登录其他情况则抛出一个消息:你已经从另一个系统登录。
With above code, I am allowing any user to be logged in at any time only once. I used session variable to check if the request is from same browser, if so, I am allowing him/her to login else throwing a message "You are already logged in from another system".
这篇关于检查用户在asp.net网站已经登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
