Hi!

I want to prevent that 2 different people using the same user/pass to login to the website at the same time.
Do i need application-variables, or is there an other way to check this?
If i need application-varibles, it would be very nice if u can explain me how to use them, becuse i never used them before.
Thank ya very much,
greets ben

Benyn,

It would be nice if we knew what programming language you were using...

Well, considering this is the ASP section of the forum, thats probably a good start.

I would look into Sessions. Once a user has a session active you can then just check the username that a person enters in the form against all active sessions and if it exists, then do whatever you like, namely not letting them log in again.

Quote:

Originally Posted by sdcdesign.co.uk

Benyn,

It would be nice if we knew what programming language you were using...

I'm using VBScript

Quote:

Well, considering this is the ASP section of the forum, thats probably a good start.

I would look into Sessions. Once a user has a session active you can then just check the username that a person enters in the form against all active sessions and if it exists, then do whatever you like, namely not letting them log in again.

Sessions are only avaiable on the machine on which they were createt...
So how could I check on computer B the sessions which are created computer A ?
I mean, when the user "jimmy" log on on comp A, session("jimmy") = "logged in", then on comp B the session("jimmy") is empty, because it wasnt created there.
Know what I mean, or have i got you wrong?

Save session state in a cookie

Quote:

Save session state in a cookie

That won't stop 2 people logging on at the same time.

I've never used them before, but I think your best bet would be Application variables. They work nearly the same as session variables

Application("MyVar") = "MyVal"

You'll probably want to create an Array to store a list of logged on usernames. When somebody loggs on, it checks to see if their name is already in the list or not, if it's not, it adds it. (Don't forget to remove it on logout, and remember some people don't explicitly log out, they just close the browser window, in which case do it from the Session_OnEnd event in Global.asa)

Application vars are expensive. Carefully use them.

If your website has more and more users, the application vars would grow larger with your requirement.
There will be some performance hit.
Sometimes, even session vars are also not reliable in Classic ASP ( VBS).

Instead use a db table to store the most active users and flush/refresh it for say at 20 minutes interval.
Check the login table and active users table for each login initiation.

I agree with vivekar and I use a similar approach.

When a person logs in I create my own SessionID and store that in a database table with the UserID and a LastActivity time stamp. I then set the SessionID on the browser as a cookie. All secure pages look for that SessionID on the database table if it exists then all is well. If it doesn't exist it asks them to log in.

Now, if a person logs in using the same UserID as an active user, it will assign that UserID a new SessionID effectively "kicking out" the original active user. There are a few other things involved, like code to delete sessions that have expired.

I've used this in more systems than I can count and so far it has worked great. I suggest you encapsulate all this functionality in a class so that you can easily include it in various projects.