在 ASP .Net 中防止单个用户多次登录 [英] Prevent multiple logons for a single user in ASP .Net

问题描述

我正在研究如何最好地防止单个用户帐户在 webforms 应用程序中多次登录.我知道 MembershipUser.IsOnline 存在，但我读过一些论坛和博客文章表明这​​可能不可靠，特别是在用户关闭浏览器(不注销)并尝试使用不同的机器或浏览器登录.

I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.

我考虑过实现最后一个帖子类型系统；当用户登录时，老用户只是被踢掉了.似乎 FormsAuthentication.Signout() 仅适用于当前用户.

I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.

我是否遗漏了一个技巧，是否有更好的方法来防止同一用户名从多个不同位置登录?

Am I missing a trick, is there a better way to prevent the same username logging on from multiple different locations?

推荐答案

我最近遇到了同样的问题，以下是我解决它的方法.我将一个值放入 X 分钟后过期的缓存中.在我的代码中，我每 Y 分钟(y

当用户尝试登录时，它首先检查凭据是否有效.如果是，则检查该用户的缓存值是否存在.如果是，我知道有人使用这些凭据登录.然后我允许用户取消或注销其他用户.如果他们单击 Log the other user out 缓存值将更改为新值，并且原始用户下次有上述 AJAX 回调时将重定向到登录页面.总体而言，它运行良好，我们的用户没有抱怨.

I had this same problem recently and here is how I solved it. I put a value into the Cache that expires after X minutes. In my code I have an AJAX callback every Y minutes (y

When a user tries to log on it checks first to see if there credentials are valid. If they are it then goes and checks to see if the cache value for that user exists. If it does I know that there is someone logged on with these credentials. I then allow the user to either Cancel or Log the Other user out. If they click Log the other user out the cache value is changed to the new value and the original user is redirected to the login page the next time they have an AJAX callback described above. Overall it works pretty well with no complaints from our user.

关于此技术的几点说明:

Several Notes on this technique:

1. 您不能将 SessionID 用作上面建议，因为它改变了每次会话变量是根据您的设置调用.我们第一次遇到这张脸第一次尝试使这项工作.

1. You cannot use SessionID as suggested above because it changes each time a session variable is called depending on your setup. We ran into this face first on our first attempt to make this work.

您可以让两个用户登录在启动前 Y 分钟所以要明智地选择你的时间.

You can have two users logged in for Y minutes before one gets booted out so choose your times wisely.

这篇关于在 ASP .Net 中防止单个用户多次登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！