Check if a Username is logged in already...

[martin_d_bell]

Hi,

I have successfully setup forms authentication using a SQL Server database to store Usernames, Passwords and Session variables to pass user information between pages within my ASP.NET vb application. I have come across a problem however when more than 1 person logs in using the same username and password. How can I check if a user is logged in already in another session within the application? If I can check whether a username is already in use (logged in) then I can stop the second person logging in using the same name and therefore eliminate the problem.

Any help would be appreciated, thank you.

Martin

 

[eramgarden]

maybe have a cookie...when users log in, keep track of it in that cookie. When they log out, delete it from the cookie. Always check the cookie when someone logs in...

Or do this in a database table.

 

[martin_d_bell]

Cookies or database table

Hi,

Thanks for your suggestion but how can I track that a user has logged out of the application if they simply close the browser. I may be wrong in thinking this but isn't the sub which is triggered on exit unreliable? I need a solid method of knowing when a user logs out.

 

[PlausiblyDamp]

In simple terms, you can't. You could provide them with a logout button and hope they remember to click it before closing the browser down, or failing that you will have to wait for the session to expire (default 20 minutes).
A more fundamental issue is why more than one person is using the same accoun, if both users need access why not have a seperate account for each?

 

[martin_d_bell]

More than one account

The users will be given seperate usernames but they are all going to be 1 digit off each other, for example, pro1, pro2, pro3. I cannot use real names as users because the users will change from time to time. I guess the only way around this is to hope that nobody logs in under the wrong name whilst someone else is logged in. The error message is messy you see and if I could stop them logging on in the first place it would be much tidier.

 

[Diesel]

Martin, did you get the login to work? Can your page recognize who is logged in? Can you post the core code. I have a database login, but the cookie is never created.

 

[martin_d_bell]

Login

My login works using Forms Authentication in the Web.Config and checks for users in a SQL Server table. Is this the type of solution you need? If so the code is below:

-------Web.Config------------------

<authentication mode="Forms" >
<forms name="AuthCookie" path="/" loginUrl="logon.aspx" protection="All" timeout="30"></forms>
</authentication>

<authorization>
<allow users="*" />
</authorization>
------------------------------------- replace "logon.aspx" to the page you want users directed to if they are not logged in


------------logon.aspx--------------------

Public Sub cmdLogin_Click(ByVal sender As System.Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles cmdLogin.Click

' Tests There is A User name
Dim cIn As Integer = 0
If txtUser.Text <> "" Then

SqlDAConfirmUsers.SelectCommand.CommandText = _
"SELECT userID, UserName, Password, SupplierID, AccessLevel FROM Users_Table" & _
" WHERE (UserName = '" & txtUser.Text & "' )" & _
" ORDER BY UserName"

'Fills the Dataset
SqlDAConfirmUsers.Fill(DsConfirmUsers1.POP_Confirmation_Users)

'Check that the users name is in the dataset
If DsConfirmUsers1.POP_Confirmation_Users.Rows.Count < 1 Then
Label1.Text = "Your Username was not recognised"
Exit Sub
End If

'Check that the username is not in the dataset more than once
If DsConfirmUsers1.POP_Confirmation_Users.Rows.Count > 1 Then
Label1.Text = "Username is duplicated, please contact the Administrator"
Exit Sub
End If

'Loops and Checks if the password is correctID
Dim cTable = DsConfirmUsers1.POP_Confirmation_Users
Dim cRow = DsConfirmUsers1.POP_Confirmation_Users.Rows
For Each cRow In cTable
If cRow("Password").ToString = Me.txtPassword.Text Then
cIn = 1
'These session variables carry the UserID, AccessLevel and SupplierID through to any page within the application
Session("UserID") = cRow(0).ToString
Session("AccessLevel") = cRow(4)
Session("SupplierID") = cRow(3).ToString

'This line lets the user into the system once all usernames and passwords are verified in the database
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False)

End If
Next

'Incorrect password
If cIn = 0 Then
Label1.Text = "Your Password is Incorrect"
DsConfirmUsers1.Clear()
End If

'Incorrect username
Else
Label1.Text = "Your Username was incorrect"
End If

End Sub