2. ASPRunnerPro General questions
  3. Limiting multiple user Logins
This topic is locked

Limiting multiple user Logins

 		8/22/2007 17:58:38
ASPRunnerPro General questions
A
 ac163601 author

Hi, Sergey/Jane.

I'm setting up my project to limit the access levels of different users. However, users being users, there will no doubt be leaked passwords etc.
Is there any way to limit the number of sessions which can be opened using a single user id. i.e one login cannot be used by two different people at the same time?
thanks
Sergey Kornilov admin 8/23/2007

You can do this using events. Here is an example of how it can work

  1. Add two fields to the Login table

    InUse Yes/No field

    LastAccessTime Datetime
  2. When someone logs in use AfterSuccessfulLogin event to set InUse to 1 and LastAccessTime to the current date and time
  3. When user logs out set InUse to 0
  4. Add a code to include/header.asp file to update LastAccessTime with the current timestamp. This allows you to see if user is still on the website.
  5. In BeforeLogin event check InUse and LastAccessTime fields for this user and do not allow to login if InUse is set to 1 and the difference between LastAccessTime and the current time is less than 20 minutes.
A
 		ac163601 author 8/24/2007

Thanks Sergey,

outside of using your program, my coding is very limited, could you give an example of what is required, (and whereabouts) in the header to update the now() information?
Cheers

Andrew
Sergey Kornilov admin 8/24/2007

Andrew,
to implement this you need to know some ASP and SQL.
header.asp is the file that you need to create and put to "include" directory.
customcode 8/25/2007

Hi, Sergey/Jane.

I'm setting up my project to limit the access levels of different users. However, users being users, there will no doubt be leaked passwords etc.
Is there any way to limit the number of sessions which can be opened using a single user id. i.e one login cannot be used by two different people at the same time?
thanks


Create a table with 3 secret security questions for each user and randomly prompt the user to answer the questions. Wrong answer denies access.