每个用户在ASP.NET中仅允许一次并发登录 [英] Allow only one concurrent login per user in ASP.NET
问题描述
在ASP.NET Web应用程序中每个用户只能允许一个并发登录吗?
Is it possible to allow only one concurrent login per user in ASP.NET web application?
我正在开发一个Web应用程序,在该应用程序中,我想确保该网站一次仅允许每个用户一次登录.如何检查当前用户是否已经登录?
I am working on a web application in which I want to make sure that the website allows only one login per user at a time. How to check that the current user already logged in or not?
请提出正确的登录方法,以解决此问题.我认为我们应该使用SQL Server会话状态来处理此问题.你有什么建议?
Please suggest proper login method by which we can handle this problem. I think we should use SQL Server session state to handle this problem. What do you suggest?
我想到了一个解决方案.我们可以做类似的事情:
I thought of one solution for it. We can do something like:
-
当用户登录系统时,我们在用户"列中插入会话ID. (我们将使用数据库会话,以便我们可以轻松获取所有与会话相关的数据,例如isexpired,expiredatetime等.)
When the user logs into the system then we insert session id in user column. (We will use database session so that we can get all session related data like isexpired, expiredatetime etc easily).
当同一用户再次尝试登录时,我们将检查该会话ID列,并检查该会话是否已过期.如果会话未过期,那么我们将不允许用户登录.
When the same user tries to login a second time then we will check for that session id column and check that session is already expired or not. If session is not expired then we will not allow user to login.
每次用户注销时更新用户会话ID.
Update user session ID every time when user logs out.
请建议这是否是正确的方法.
Please suggest whether this is the proper way or not.
推荐答案
请参考:
.NET开箱即用,不支持此功能.我确信您知道,.NET允许并发登录.
Out of the box, .NET does not support this. .NET allows for concurrent log-ins, as I'm sure you're aware.
我也有同样的要求,并提出了一个漂亮的解决方案,如上面的链接所示.简而言之,我的要求是一次只允许一个用户登录.如果相同的用户ID尝试在其他地方登录,则它将通过检查其他Session ID下的现有登录来终止第一次登录的会话(这使该用户ID可以从其多个实例登录)他们计算机上的网络浏览器[相同的会话ID],这很常见,但不是来自另一台计算机上的[Web浏览器] [不同的会话ID](例如,可能是由于某人窃取了其凭据).通过修改代码,您可能可以更改其行为-即,阻止第二次登录尝试,而不是终止已经处于活动状态且正在使用中的第一次登录.
I had this same exact requirement, and came up with a pretty slick solution, demonstrated in the link above. In a nutshell, my requirement was to only have one user log-in happening at one time. If that same user ID tried to log in elsewhere, then it killed the session for the first log-in by checking for an existing log-in under a different Session ID (this enabled the user ID to be logged in from multiple instances of their web browser on their computer [same Session ID], which is common, but not from a different computer [different Session ID] (possibly due to someone that stole their credentials, for example)). Through modification of the code you could probably change the behavior of this - i.e., prevent the second log-in attempt instead of killing the first log-in that's already active and in use.
当然,它可能无法100%地满足您的需求,所以请随时对其进行修改以满足您的需求.
Of course, it may not fit 100% to what you're needing, so feel free to modify it to fit your needs.
这篇关于每个用户在ASP.NET中仅允许一次并发登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
