The same user name cannot be logged on simultaneously in Asp.net (Single Sign-On)

Source: Internet
Author: User

Recently, I found some single-point logins and found this article, which seems to be feasible. I saved it first.

A common problem in web projects is the same user name being logged on several times at once, and there are many solutions. In summary, they all record the user name after logon in one of four places: a database table, the session, the application state, or the cache. Generally, once a user has logged on and has not exited normally, a second logon is not allowed. This usually causes a problem: if the user does not exit the system normally, the next logon attempt is refused because the old session has not expired yet, and the user can log on again only after that session expires. The method described in this article is similar to the MSN login method: the second login cancels the first one, and the first session is shown a prompt similar to the MSN pop-up, "Your account has been logged on elsewhere", telling the user that they have been forced offline.
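The functionality is also relatively simple to implement.
Add the following code after the user name and password are verified:

// Hold the application lock across the whole read-modify-write so that
// two concurrent logons cannot interleave their updates.
// Note: ASP.NET issues a new SessionID on every request until something
// is stored in Session, so store a value in Session at logon.
Application.Lock();
try
{
    Hashtable hOnline = (Hashtable)Application["Online"];
    if (hOnline != null)
    {
        IDictionaryEnumerator idE = hOnline.GetEnumerator();
        string strKey = "";
        while (idE.MoveNext())
        {
            if (idE.Value != null && idE.Value.ToString().Equals(UserID))
            {
                // Already logged in: mark the earlier session as cancelled.
                strKey = idE.Key.ToString();
                hOnline[strKey] = "XXXXXX";
                break;
            }
        }
    }
    else
    {
        hOnline = new Hashtable();
    }
    // Register the current session as the owner of this user name.
    hOnline[Session.SessionID] = UserID;
    Application["Online"] = hOnline;
}
finally
{
    Application.UnLock();
}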

When a user logs on, the user name is placed in a global variable, Online. Online is a Hashtable whose key is the SessionID and whose value is the user name. Each time a user logs on, the code checks whether that user name already exists in Online. If it does, the value stored under the SessionID of the first logon is forcibly changed to XXXXXX, which indicates that the first logon is to be forcibly cancelled.
Create a CommonPage class. All pages in the system inherit from CommonPage. Add the following code to the code-behind of CommonPage:

protected override void OnInit(EventArgs e)
{
    Application.Lock();
    try
    {
        Hashtable hOnline = (Hashtable)Application["Online"];
        if (hOnline != null)
        {
            IDictionaryEnumerator idE = hOnline.GetEnumerator();
            while (idE.MoveNext())
            {
                if (idE.Key != null && idE.Key.ToString().Equals(Session.SessionID))
                {
                    // This session is registered; was it cancelled by a later logon?
                    if (idE.Value != null && "XXXXXX".Equals(idE.Value.ToString()))
                    {
                        hOnline.Remove(Session.SessionID);
                        Application["Online"] = hOnline;
                        // MessageBox is the author's own helper; it is not shown on this page.
                        MessageBox("Your account has logged on elsewhere, and you are forced to go offline!", "Login.aspx");
                        return;
                    }
                    break;
                }
            }
        }
    }
    finally
    {
        Application.UnLock();
    }
    // Let the normal page initialization continue.
    base.OnInit(e);
}

Whenever a page that inherits from CommonPage is requested or refreshed, the overridden OnInit runs: it retrieves Online, looks up the user's SessionID, and checks whether the user name stored under that SessionID has been changed. If it has, the user is forced offline, the session is cleared, and the browser goes to the login screen.
Finally, you need to release resources when the session expires or the user exits the system. Add the following code to Session_End in the Global.asax file:

Application.Lock();
try
{
    Hashtable hOnline = (Hashtable)Application["Online"];
    // Online may not exist yet if nobody has logged on.
    if (hOnline != null && hOnline[Session.SessionID] != null)
    {
        hOnline.Remove(Session.SessionID);
        Application["Online"] = hOnline;
    }
}
finally
{
    Application.UnLock();
}

If the user does not log out normally and then logs on again, the new logon is not affected, because the newer logon takes priority. The resources held by the session that did not exit normally are cleared automatically when that session expires, so system performance is not affected. To ensure the security of the web system, you need this single-point logon detection. The following version, found via Google, includes a small modification.
1) After the password is verified:

Hashtable hOnline = (Hashtable)Application["Online"];
if (hOnline != null)
{
    int i = 0;
    while (i

2) Create a CommonPage class. All pages in the system inherit from CommonPage (public partial class index : CommonPage). Add the following code to the code-behind of CommonPage:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;

/// <summary>
/// CommonPage prevents the same user from being logged on in more than one place
/// </summary>
public class CommonPage : System.Web.UI.Page
{
    public CommonPage()
    {
        // TODO: Add constructor logic here
    }

    protected override void OnInit(EventArgs e)
    {
        Application.Lock();
        try
        {
            Hashtable hOnline = (Hashtable)Application["Online"];
            if (hOnline != null)
            {
                IDictionaryEnumerator idE = hOnline.GetEnumerator();
                while (idE.MoveNext())
                {
                    if (idE.Key != null && idE.Key.ToString().Equals(Session.SessionID))
                    {
                        // This session is registered; was it cancelled by a later logon?
                        if (idE.Value != null && "XXXXXX".Equals(idE.Value.ToString()))
                        {
                            hOnline.Remove(Session.SessionID);
                            Application["Online"] = hOnline;
                            // Both format arguments are fixed literals, never user input.
                            string js = "<script language=javascript>alert('{0}');window.location.replace('{1}')</script>";
                            Response.Write(string.Format(js, "The account has been logged on elsewhere, and you will be forced to go offline (please keep your user password safe)!", "Logout.aspx?cname=noadmin"));
                            return;
                        }
                        break;
                    }
                }
            }
        }
        finally
        {
            Application.UnLock();
        }
        // Let the normal page initialization continue.
        base.OnInit(e);
    }
}
Whenever a page that inherits from CommonPage is requested or refreshed, the overridden OnInit runs: it retrieves Online, looks up the user's SessionID, and checks whether the user name stored under that SessionID has been changed. If it has, the user is forced offline, the session is cleared, and the browser goes to the login screen.
3) Finally, you need to release resources when the session expires or the user exits the system. Add the following code to Session_End in the Global.asax file:
Application.Lock();
try
{
    Hashtable hOnline = (Hashtable)Application["Online"];
    // Online may not exist yet if nobody has logged on.
    if (hOnline != null && hOnline[Session.SessionID] != null)
    {
        hOnline.Remove(Session.SessionID);
        Application["Online"] = hOnline;
    }
}
finally
{
    Application.UnLock();
}
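
An alternative arrangement of the same newest-logon-wins check, as an added example that is not code from the original article: it maps each user ID to its one permitted session ID, so no XXXXXX marker or table scan is needed, and a session that is not the registered one is rejected on every request instead of only once. OnlineRegistry, its method names and the sample IDs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: maps each user ID to the one session allowed to act for it.
public static class OnlineRegistry
{
    private static readonly object Gate = new object();
    private static readonly Dictionary<string, string> ActiveSession =
        new Dictionary<string, string>(StringComparer.Ordinal);

    // Call after credentials are verified; the newest logon always wins.
    // Returns the session ID that was displaced, or null if there was none.
    public static string Register(string userId, string sessionId)
    {
        lock (Gate)
        {
            ActiveSession.TryGetValue(userId, out string previous);
            ActiveSession[userId] = sessionId;
            return previous == sessionId ? null : previous;
        }
    }

    // Call on every request (for example from CommonPage.OnInit). Fails closed:
    // any session other than the registered one is rejected.
    public static bool IsCurrent(string userId, string sessionId)
    {
        lock (Gate)
            return ActiveSession.TryGetValue(userId, out string active) && active == sessionId;
    }

    // Call from Session_End or logout. A stale session must not evict the newer one.
    public static void Release(string userId, string sessionId)
    {
        lock (Gate)
            if (ActiveSession.TryGetValue(userId, out string active) && active == sessionId)
                ActiveSession.Remove(userId);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not real session IDs.
        OnlineRegistry.Register("alice", "sess-A");                     // first logon
        Console.WriteLine(OnlineRegistry.Register("alice", "sess-B"));  // displaced session
        Console.WriteLine(OnlineRegistry.IsCurrent("alice", "sess-A")); // old session check
        OnlineRegistry.Release("alice", "sess-A");                      // stale Session_End
        Console.WriteLine(OnlineRegistry.IsCurrent("alice", "sess-B")); // new session check
    }
}
```

Like Application state, this registry lives in a single worker process, and Session_End is raised only with InProc session state, so a web farm or web garden needs a shared store instead.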
