Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Keeping track of users LogIn

Reply
Thread Tools

Keeping track of users LogIn

 
 
Eric S
Guest
Posts: n/a
 
      03-02-2010
Hi All,

When I create a credential for users to log in, I can not allow them to log
in more then 2 different computers. Otherwise the user can provide the
Credential for 20 different people and will try hammer the server.

If user A logged in I can update a flag in a table called MemberInfo and
when he/she Logged out I can reset that flag and also have a counter of the
numbers of logins.... Or even can update the time he/she logged in.

a)
Problem is what happens when he closed the browser and did not log out?

b)
If the browser is crashed then there is no way for me to update the flag.

How would you handle this kind of situation?
Appreciate some code / Ideas.

Thanks,

Eric

 
Reply With Quote
 
 
 
 
Andy O'Neill
Guest
Posts: n/a
 
      03-02-2010

"Eric S" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi All,
>
> When I create a credential for users to log in, I can not allow them to
> log in more then 2 different computers. Otherwise the user can provide the
> Credential for 20 different people and will try hammer the server.
>
> If user A logged in I can update a flag in a table called MemberInfo and
> when he/she Logged out I can reset that flag and also have a counter of
> the numbers of logins.... Or even can update the time he/she logged in.
>
> a)
> Problem is what happens when he closed the browser and did not log out?
>
> b)
> If the browser is crashed then there is no way for me to update the flag.
>
> How would you handle this kind of situation?
> Appreciate some code / Ideas.
>
> Thanks,
>
> Eric
>


Intranet or web?

On an intranet you could use the user's windows credentials.
Either way, take a look at the membership provider.

 
Reply With Quote
 
 
 
 
Alexey Smirnov
Guest
Posts: n/a
 
      03-02-2010
On 2 Mrz., 19:58, "Eric S" <(E-Mail Removed)> wrote:
> Hi All,
>
> When I create a credential for users to log in, I can not *allow them to log
> in more then 2 different computers. Otherwise the user can provide the
> Credential for 20 different people and will try hammer the server.
>
> If user A logged in I can update a flag in a table called MemberInfo and
> when he/she *Logged out I can reset that flag and also have a counter of the
> numbers of logins.... Or even can update the time he/she logged in.
>
> a)
> Problem is what happens when he closed the browser and did not log out?
>
> b)
> If the browser is crashed then there is no way for me to update the flag.
>
> How would you handle this kind of situation?
> Appreciate some code / Ideas.
>
> Thanks,
>
> Eric


Consider another approach. For example, using client's IP address. On
login you can keep the IP and time in MemberInfo. After that this
information could be used to check if you could allow a logon or not.
If the same IP, then user is valid. If a different IP within say 20
minutes of the last use on another address then you must apply the
lockout rule.

This will not work if users coming out of the same router (e.g.
corporate proxy) - they all will have the same IP address. You may
also wish to save a short period encypted cookie to provide a session
marker upon logon.
 
Reply With Quote
 
Alexey Smirnov
Guest
Posts: n/a
 
      03-02-2010
On 2 Mrz., 19:58, "Eric S" <(E-Mail Removed)> wrote:
> Hi All,
>
> When I create a credential for users to log in, I can not *allow them to log
> in more then 2 different computers. Otherwise the user can provide the
> Credential for 20 different people and will try hammer the server.
>
> If user A logged in I can update a flag in a table called MemberInfo and
> when he/she *Logged out I can reset that flag and also have a counter of the
> numbers of logins.... Or even can update the time he/she logged in.
>
> a)
> Problem is what happens when he closed the browser and did not log out?
>
> b)
> If the browser is crashed then there is no way for me to update the flag.
>
> How would you handle this kind of situation?
> Appreciate some code / Ideas.
>
> Thanks,
>
> Eric


One more tip
http://teknohippy.net/2008/08/21/sto...urrent-logins/
 
Reply With Quote
 
Eric S
Guest
Posts: n/a
 
      03-02-2010
Hi Alexey,

Thanks for the reply it is informative...
Any suggested code (or blog somewhere) is also appreciated.

Regards,

Eric

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
On 2 Mrz., 19:58, "Eric S" <(E-Mail Removed)> wrote:
> Hi All,
>
> When I create a credential for users to log in, I can not allow them to
> log
> in more then 2 different computers. Otherwise the user can provide the
> Credential for 20 different people and will try hammer the server.
>
> If user A logged in I can update a flag in a table called MemberInfo and
> when he/she Logged out I can reset that flag and also have a counter of
> the
> numbers of logins.... Or even can update the time he/she logged in.
>
> a)
> Problem is what happens when he closed the browser and did not log out?
>
> b)
> If the browser is crashed then there is no way for me to update the flag.
>
> How would you handle this kind of situation?
> Appreciate some code / Ideas.
>
> Thanks,
>
> Eric


Consider another approach. For example, using client's IP address. On
login you can keep the IP and time in MemberInfo. After that this
information could be used to check if you could allow a logon or not.
If the same IP, then user is valid. If a different IP within say 20
minutes of the last use on another address then you must apply the
lockout rule.

This will not work if users coming out of the same router (e.g.
corporate proxy) - they all will have the same IP address. You may
also wish to save a short period encypted cookie to provide a session
marker upon logon.

 
Reply With Quote
 
Eric S
Guest
Posts: n/a
 
      03-02-2010
Thanks Alexey and that's takes care of it.

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
On 2 Mrz., 19:58, "Eric S" <(E-Mail Removed)> wrote:
> Hi All,
>
> When I create a credential for users to log in, I can not allow them to
> log
> in more then 2 different computers. Otherwise the user can provide the
> Credential for 20 different people and will try hammer the server.
>
> If user A logged in I can update a flag in a table called MemberInfo and
> when he/she Logged out I can reset that flag and also have a counter of
> the
> numbers of logins.... Or even can update the time he/she logged in.
>
> a)
> Problem is what happens when he closed the browser and did not log out?
>
> b)
> If the browser is crashed then there is no way for me to update the flag.
>
> How would you handle this kind of situation?
> Appreciate some code / Ideas.
>
> Thanks,
>
> Eric


One more tip
http://teknohippy.net/2008/08/21/sto...urrent-logins/

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Keeping track number of users using an application Jack ASP General 1 02-24-2006 06:52 PM
What file does Thunderbird use for keeping track of articles? Larry Spitz Firefox 1 09-06-2005 10:21 PM
Need help keeping track of users "online" (i.e. viewing the web si =?Utf-8?B?dHBlcnJp?= ASP .Net 4 07-12-2005 08:40 AM
Keeping track of online users Anders Steinlein Java 0 04-20-2004 10:12 PM
Keeping track of which user controls need to be loaded and which not John ASP .Net 0 07-08-2003 09:26 AM



Advertisments