1. Home
  2. Forums Index
  3. Server Side / Microsoft IIS Web Server and ASP.NET 4:03 am Apr 28, 2026

Forum Moderators: open

Message Too Old, No Replies

Restricting Simultaneous/Concurrent User Login with Same ID & Pwd

I want a soultion to restrict the users from loging into the site ..

         

srazi

6:40 am on Sep 14, 2004 (gmt 0)

10+ Year Member



Hi..
I've been working on a site ASP with MSSQL Database, which offers certain services & information pertaining to Tenders, Auctions & Cars.. thru Subscriptions..I need to apply a certain restriction that not more than one person be allowed to sign-in using the same UserName/Password..at one time... Kindly help...!
I'm posting the code for Login.asp page here, and appreciate the required modifications to the same at appropriate places to achieve the desired results..

<!-- #include virtual="/libs/lib_header.asp" -->
<!-- #include virtual="/Include/header2.asp" -->

<br>
<%
Dim SectionId, iCounter
Dim cnMilad, rsRst, strSQL

Set cnMilad = Server.CreateObject("ADODB.Connection")
cnMilad.CursorLocation = 3
cnMilad.Open Application("dbConString")

Dim UserName, Password, Flag

' Get the UserName & Password
UserName = Request("UserName")
Password = Request("Password")

If UserName = "" Then
Response.Redirect "/"
End If

If Len(Trim(UserName)) > 0 Then
strSQL = "SELECT SubscriberId, SubscriberEndDate " & _
"FROM NewSubscribers WHERE " & _
"(SubscriberUserName = N'" & UserName & "') AND " & _
"(SubscriberPassword = N'" & Password & "') And Freezed = 0"

Set rsRst = cnMilad.Execute(strSQL)
If rsRst.Recordcount = 1 Then

' Check If User Is Not Expired
If rsRst("SubscriberEndDate") > Date Then
' Store The Subscriber Information
Session("IsLogged") = True
Session("SubId") = rsRst("SubscriberId")
Flag = "SUCCESS"

Else
Flag = "EXPIRED"

End If

Else
Flag = "FAILED"
End If
Else
Flag = "FAILED"
End If

If Flag = "SUCCESS" Then
Response.Redirect "/My/"

ElseIf Flag = "EXPIRED" Then
%>

<Table align="center">
<tr>
<td>
<font face="Tahoma, Arial" size=3 >
<a href="/Registration/indextest.asp?UserName=<%= UserName%>">Your Subscription has Expired with Milad, Do you Want to Renew</a>
</font>
</td>
</tr>
</Table>

<br>
<%
Else
%>
<br>

<TABLE align=center>
<TR>
<TD><FONT face="Tahoma, Arial" size=3>Please Make Sure of Your User Name & Password..!</FONT> <BR>
<p><FONT face="Tahoma, Arial"
size=2>
</p>
<CENTER><A href="/index.asp"><B>Back</B></A></CENTER></td></tr>

<tr>
<td>
&nbsp;<CENTER>
<A href="/LostPassword.asp"><FONT color=red
face="Tahoma, Arial"
size=2>Did You forgot Your Password...?</FONT></A></CENTER>
</TD></TR>
</TABLE>
<br>
<%
End If
Set rsRst = Nothing
cnMilad.Close
Set cnMilad = Nothing
%>
<!-- #include virtual="/include/footer2.asp" -->
<!-- #include virtual="/libs/lib_footer.asp" -->
<p>&nbsp;</p>

Thanks SRazi.

[edited by: rogerd at 8:36 pm (utc) on Sep. 25, 2004]
[edit reason] No URLs please... [/edit]

Easy_Coder

11:15 am on Sep 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'd suggest using a lock switch on the users table but it appears that you've already done so. Is that what your using the [Freezed] column for?

What I don't see in your code is your method of flipping the switch on the lock once you've determined that your user is logged in. 


If Flag = "SUCCESS" Then 
 Rem - Before re-routing the user, set the lock...
 updateSql = "UPDATE NewSubscribers SET Freezed = 1 WHERE SubscriberUserName = blah AND SubscriberPassword=BlahBlah"
 Rem - Execute your sql string....
 Rem - Route the user...
 Response.Redirect "/My/"

srazi

8:30 am on Sep 15, 2004 (gmt 0)

10+ Year Member



No, actually the Freezed Field is Used to check whether the user is expired(his subscription is valid or not).
I've no idea as to how to apply the lock switch on the user..can you please elaborate,
keeping in view your suggestion of updating the Table, I may go for a provision of adding a "LogOff" button on the pages which appear when the user Logs in(also a message informing users to LogOff once they are done, otherwise they need to wait for 10 minutes before next login in case they close the window without logging off, to expire their session ), where I'm not getting the right coding sequence so as to create another field in NewSubscribers Table or Create a New table which holds the status of userlogin,
when the user logs in, the Login.asp page posted above should Update the related field, when someone else tries to login again using the same UserName & Password, he should be denied with an appropriate message(this should be checked once again at the same Login.asp Page), Once the User Clicks the LogOff button, the status should be changed,,,I think this should work fine, I'l be greatful I you could kindly guide me to code the above functionality, or an alternative method you suggest..!
Thanks...!

Easy_Coder

2:14 pm on Sep 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



srazi -

your on the right track... append your users table with an [active] column of type int that will be updated to true 1 (logged in) or false 0 (logged out).

Once your user is logged in the run the update script:
updateSql = "UPDATE NewSubscribers SET active= 1 WHERE SubscriberUserName = blah AND SubscriberPassword=BlahBlah"

Your new login script would look something like this:
strSQL = "SELECT SubscriberId, SubscriberEndDate " & _
"FROM NewSubscribers WHERE " & _
"(SubscriberUserName = N'" & UserName & "') AND " & _
"(SubscriberPassword = N'" & Password & "') And Freezed = 0 " & _
"AND active <> 1"

A cleaner approach would be to stuff the login & lock script into a single stored procdure that returned the elements that your currently pulling from the RecordSet Object.

woop01

2:19 pm on Sep 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How do you determine if their session just times out so you can change the fied?

srazi

7:54 am on Sep 16, 2004 (gmt 0)

10+ Year Member



Thanks Easy_Coder for your post, but Woop01 has pointed to a very critical condition, how can we set the fields value back to 0 if the session times out...? :(
Is it possible to do it writing an update statement in the Session_OnEnd by checking the ActiveUser and setting the value for 0 before timing him out of session...!

dotme

11:57 am on Sep 16, 2004 (gmt 0)

10+ Year Member



I have a site where concurrent user logins is not permitted, however my approach was to only allow ONE login at a time. If a second user logs in with the same username and password, the first user is kicked out. I can provide code if this is an acceptable approach for you.

caspita

12:12 pm on Sep 16, 2004 (gmt 0)

10+ Year Member



To timeout the session you may need to add another field also, date and time of last activity for the user surfing the website. Then when you are testing the login you check if the last activity was <n> seconds ago and let the user login againg even if the flag of user logged is on.

Of course you need to update the last activity date and time field every time the user goes to a new page under the same session.

srazi

1:04 pm on Sep 25, 2004 (gmt 0)

10+ Year Member



Sorry For being away so long..!
Excellent Idea caspita
I've already got the same thing implemented....! and it works fine,,since we cannot track the user activity of closing the browser(Since HTTP is a stateless Protocol), restarting the system, power failure, I've set new field in Database, which tracks the user login and logoff...! Of-course Each of the Succeeding pages after login updates the said field with current time, if the site is inactive for a certain pre-determined period, the other user will be able to login, using the same user-name or password, or the same subscriber need to log-back again..!
I'm thankful for all of your support and comments..
Regards
SRazi.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Microsoft IIS Web Server and ASP.NET 4:03 am Apr 28, 2026