Providing only one user login with ASP.Net.
Generally, the best way is to implement a provider setting that checks the last login, and also add methods to your code to track user actions.
The key is that you need to know when the last user did something or log out. From there, you can determine if the account is actually ready. If you set up tracking for these items in your code, you can then change the validation membership provider so that the account can sign in.
source to share
Conceptually, you must decide how you want to respond. If you have user A logged in and then user B tries to log in (using the same credentials), follow these steps:
- Kick User A out
or
- Do not allow login from user B
(2) is problematic because you need to reliably know that user A is logged out in order to determine whether to log in. User B. The user might just look at a page on your site for a while, so doing over time might not be the best. Maybe some kind of AJAX watchdog timer that calls your site every 30 seconds.
(1) also requires some work. When a user is logged in, you will want to store their cookie value (possibly in a database) and add it to the list of issued cookies for that user. This way, only the last cookie (last login) will be accepted. If you see one of the earlier cookies, then you will record that person.
source to share
I am creating a table with a user id. Each time a user logs in, the system generates a unique identifier that is stored in a table by the user id as well as a session variable.
Every writeback or paging process, the key stored in the session variable is checked against the last key for that user stored in the database. If a second user logs in with the same account, the system will create a new unique identifier so that when the first user submits back or changes pages, the key stored in his session variable will be different from the key in the table, indicating that the account was opened elsewhere.
I am planning a nightly process to remove old ids from a table
source to share