Asp. NET ways to prevent users from logging on multiple times

A common way to do this is to determine if the user is already present in the application when the user logs in, and if there is an error, it is added to the application if it does not exist (application is common to all sessions, A unique object for the entire Web application):

The following is a reference fragment:

string strUserID = Txtuser.text;

ArrayList list = Application.get ("Global_user_list") as ArrayList;

if (list = = null)

{

List = new ArrayList ();

}

for (int i = 0; i < list. Count; i++)

{

if (strUserID = = (List[i] As String))

{

Already logged in, prompting for an error message

Lblerror.text = "This user is logged in";

Return

}

}

List. ADD (strUserID);

Application.add ("Global_user_list", LIST);

Of course, it is also possible to save it using the cache.

The next step is to remove the user from application when the user exits, and we can handle it in the Global.asax Session_End event:

The following is a reference fragment:

void Session_End (object sender, EventArgs e)

{

The code that runs at the end of the session.

Note: Only the sessionstate mode in the Web. config file is set to

InProc, the Session_End event is not raised. If the session mode is set to StateServer

or SQL Server, the event is not raised.

String strUserID = session["Session_user"] as String;

ArrayList list = Application.get ("Global_user_list") as ArrayList;

if (strUserID! = NULL && list! = null)

{

List. Remove (strUserID);

Application.add ("Global_user_list", LIST);

}

}

There is no problem, the problem is that when the user directly click the Close button in the upper right corner of the browser, there is a problem. Because it is closed directly, it will not immediately trigger the session expiration event, that is, close the browser and then login to log in.

There are two ways to handle this:

1, using JavaScript method

Add a piece of JavaScript code to each page:

The following is a reference fragment:

function Window.onbeforeunload ()

{

if (event.clientx>document.body.clientwidth && event.clienty< 0| | Event.altkey) {

window.open ("logout.aspx");

}

}

Because the onbeforeunload method will be executed when the browser is closed, refreshed, and page-reversed, it is necessary to determine whether the Close button is clicked or the ALT+F4 is pressed to perform a real shutdown operation.

Then write and session_end the same method in the Logout.aspx Page_Load, adding the event in logout.aspx: onload= "Javascript:window.close ()"

However, there is still a problem, JavaScript may behave differently in different browsers, and it is not judged when it is closed by file.

2, using the XMLHTTP method (this method test down no problem)

Add the following JavaScript to each page (these javascript can also be written in common, each page is introduced)

The following is a reference fragment:

var x=0;

function Myrefresh ()

{

var HttpRequest = new ActiveXObject ("Microsoft.XMLHTTP");

Httprequest.open ("GET", "test.aspx", false);

Httprequest.send (NULL);

x + +;

if (x< 60)//60 times, that is, the session real expiration time is 30 minutes

{

SetTimeout ("Myrefresh ()", 30*1000); 30 seconds

}

}

Myrefresh ();

Set in Web. config

The following is a reference fragment:

< sessionstate mode= "InProc" timeout= "1" ></sessionstate>

Test.aspx page is an empty page, just need to add in Page_Load:

The following is a reference fragment:

Response.Expires =-1;

Ensure that the cache is not used and can be called to this page every time.

The principle is: Set the session expiration time is one minute, and then on each page timed every 30 seconds to connect a test page, to keep the session valid, a total of 60 times, that is, 30 minutes. If the user does not operate after 30 minutes, the session will expire. Of course, if the user closes the browser directly, then the session will expire in a minute. This will satisfy the requirements.