Prevent multiple logins

I. Ideas:

1. When sessionstate is inproc, a new session object is generated each time an IE window is opened. Each session ID is unique (StateServer maintains a session and cannot use sessionid );

2. Use sessionid as the key and user ID as the key value. Add the user's logon information to the key-value pair set and save it to the application;

3. During each login, after the user ID and password are verified successfully, check whether the user ID already exists in the collection. If yes, obtain the corresponding key, set the value of the key to null;

4,

II. Implementation:

1. Process on the logon page:

Dictionary <string, string> DIC = NULL; If (application ["logininfo"]! = NULL) {string sessionid = ""; // The sessionid of the previously logged-on user. // obtain the logon information of each logged-on user. DIC = (Dictionary <string, string>) application ["logininfo"]; foreach (VAR item in DIC) {// the user ID already exists, that is, the user has logged on to If (item. value = userid) {// retrieve the key sessionid = item of the record. key; break ;}// the currently logged-on user has logged on, and the set value is set to null if (! String. isnullorempty (sessionid) {DIC [sessionid] = "" ;}} else {DIC = new dictionary <string, string> ();} // store the unique sessionid and user ID if (! Dic. containskey (Session. sessionid) {dic. add (Session. sessionid, userid); // store the login information to application. lock (); application ["logininfo"] = DIC; application. unlock ();}

 

2. Create a page base class for each page to inherit. Add the oninit () method to it for processing:

Namespace outctrl {public class basepage: system. Web. UI. Page {protected override void oninit (eventargs e) {If (application ["logininfo"]! = NULL) {// obtain the stored application value dictionary <string, string> DIC = (Dictionary <string, string>) application ["logininfo"]; foreach (VAR item in DIC) {// sessionid is the same, which is the information of the current user if (item. key = session. sessionid) {// If (string. isnullorempty (item. value) {dic. remove (Session. sessionid); application. lock (); application ["logininfo"] = DIC; application. unlock (); response. write ("<SCRIPT> ale RT ('your account has been logged in elsewhere, and you are forced to go offline! '); Top. location. href = '.. /login. aspx '</SCRIPT> "); // response. redirect ("default. aspx "); response. end ();}}}}}}}

 

3. Set an exit page (or exit button) and use session. Abandon () to end the current session object and call the session_end event of the global file;

4. Add a handler to the session_end event:

// The code that runs when the session ends. // Note: The session_end event is triggered only when the sessionstate mode in the web. config file is set to // inproc. If the session mode is set to StateServer // or sqlserver, this event is not triggered. // Obtain the stored application value if (application ["logininfo"]! = NULL) {dictionary <string, string> DIC = (Dictionary <string, string>) application ["logininfo"]; If (DIC. containskey (Session. sessionid) {// clear the current sessionid dic. remove (Session. sessionid); application. lock (); application ["logininfo"] = DIC; application. unlock ();}}