How to protect mulitple login for same user id using ASP.NET
In this article I have explained about how to avoid multiple login in the same website for the same user id. We keep the value in the database based on user login. In this application if user closes the browser then we update database value using Global.asax session_end Event.
Description:
In the same website user login with his/her login id two or more times using different browsers. But in the secured website we dont allow same user login several times, we can restrict to avoid multiple login.
How to avoid multiple login?
In this project i have update value in the sql table after user sign in to the application. For example i have maintained user details in the "usr" table. In this table i create another one new column "Status". If user sign in to the application the i change the update status of the user "Y", then if he click log out link then i update again that value "N".
Check user status during login time "Y" or "N". If "N" then allow to access. If value is "Y" then telll message already user is sign into the application.
How to update table value if user close the browser instead of click log out?
If user click log out button then we update value in the sql table "N" if suppose close the browser we can update value with help of Global.asax file. This file execute session end event (even user close the browser window) after session time is expired. we write the update code in the session end event of Global.asax file.
If user closed the browser window and not able to sign in again?
Yes, If suppose the user is closed browser window instead of click logout button. He/She cannot able to sign in to the application again untill previous session expired. If try to sign in to the application, the error message is tell your previous session time is expired.
Common class file:
public class Class1
{
SqlConnection sqlcon = new SqlConnection(ConfigurationManager.ConnectionStrings["Con"].ConnectionString);
SqlCommand sqlcmd;
SqlDataAdapter da;
DataTable dt = new DataTable();
public Class1()
{
//
// TODO: Add constructor logic here
//
}
public DataTable selquery(String query)
{
try
{
sqlcon.Open();
sqlcmd = new SqlCommand(query, sqlcon);
da = new SqlDataAdapter(sqlcmd);
dt.Clear();
da.Fill(dt);
sqlcon.Close();
}
catch (Exception ex)
{
throw ex;
}
finally
{
sqlcon.Close();
}
return dt;
}
public void Updval(String query)
{
try
{
sqlcon.Open();
sqlcmd = new SqlCommand(query, sqlcon);
sqlcmd.CommandType = CommandType.Text;
sqlcmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw ex;
}
finally
{
sqlcon.Close();
}
}
}
Global.asax file code
void Session_End(object sender, EventArgs e)
{
// this code is execute whenever user session is expired.
//That is even user close browser window instead of Log out after session time out time (default value 1 minute i mention in this project for testing purpose) this block execute
Class1 obj = new Class1();
try
{
obj.Updval("update Login_Table set status='N' where usrname='" + Session["uname"].ToString() + "'");
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
}
Source Code Detail:
Here with i have attached entire source code. Download it and try mulitple login for same user from different browser.
Front End : ASP.NET
Code Behind : C#
Conclusion:
Using ASP.Net Global configuration file we can remove entire session values when ever user close browser after session expired and also update database values.
very useful program,it helped me a lot