How to Prevent Asp.net users from logging on multiple times

During web development, the same user can log on only once in some systems at the same time. If a user has logged on, an error must be reported if the user logs on again before exiting. What are the solutions for this situation? When a user logs on, the user first checks whether the user already exists in the application. If the user exists, an error is reported. If the user does not exist, the user is added to the application (the application is shared by all sessions, the unique object of the entire web application ):

The following is a reference clip:

 

Code:

1. Stringstruserid = txtuser. text;
2. Arraylistlist = application. Get
3. ("Global_user_list") asarraylist;
4. If (list = NULL)
5. {
6. List = newarraylist ();
7. }
8. For (INTI = 0; I <list. Count; I ++)
9. {
10. If (struserid = (list [I] asstring ))
11. {
12. // The error message is displayed when you have logged on.
13. Lblerror. Text = "this user has logged on ";
14. Return;
15. }}
16. List. Add (struserid );
17. Application. Add ("global_user_list", list );

Of course, you can use cache and other storage methods here.

The next step is to remove the user from the application when the user exits. We can handle it in the session_end event of Global. asax:

Code:

1. Voidsession_end (objectsender, eventargse)
2. {
3. // The code that runs when the session ends.
4. // Note: Only the sessionstate mode in the web. config file is set
5. // The session_end event is triggered only when inproc is used.
6. If the session mode is set to StateServer
7. // Or sqlserver, the event is not triggered.
8. Stringstruserid = session ["session_user"] asstring;
9. Arraylistlist = application. Get ("global_user_list") asarraylist;
10. If (struserid! = NULL & list! = NULL)
11. {
12. List. Remove (struserid );
13. Application. Add ("global_user_list", list );
14. }
15. }

There is no problem with this. The problem is that when you click the close button in the upper-right corner of the browser, the problem occurs. If the session is closed directly, the session expiration event will not be triggered immediately, that is, the session will not be logged in after the browser is closed.

There are two processing methods:

1. Use Javascript

Add a piece of JavaScript code to each page: The following is a reference snippet:

Code:

1. Functionwindow. onbeforeunload ()
2. {
3. If (event. clientx> document. Body
4. . Clientwidth & event. clienty <0 | event. altkey ){
5. Window. Open ("logout. aspx ");
6. }
7. }

Because the onbeforeunload method is executed when the browser is closed, refreshed, and the page is adjusted, You need to determine whether you have clicked the close button or pressed Alt + F4 to perform the true close operation.

Write the same method as session_end in page_load of logout. aspx, and add the event onload = "javascript: window. Close ()" to logout. aspx ()"

But there is still a problem. Javascript may have different behaviors in different browsers, and it is not determined when it is closed through the file->.

2. Use the XMLHTTP method (this method is not a problem after testing)

Add the following JavaScript to each page (these javascript can also be written in common, and each page can be introduced). The following is a reference snippet:

Code:

1. Varx = 0;
2. Functionmyrefresh ()
3. {
4. Varhttprequest =
5. Newactivexobject ("Microsoft. XMLHTTP ");
6. Httprequest. Open ("get", "test. aspx", false );
7. Httprequest. Send (null );
8. X ++;
9. If (x <60) // 60 times,
10. // That is, the actual expiration time of the session is 30 minutes.
11. {
12. SetTimeout ("myrefresh ()", 30*1000); // 30 seconds
13. }
14. }
15. Myrefresh ();
16. Set in Web. config
17. The following is a reference clip:
18. <Sessionstatemode =
19. "Inproc" timeout = "1"> </sessionstate>
20. The test. ASPX page is an empty page,
21. You only need to add the following to page_load:
22. The following is a reference clip:
23. Response. expires =-1;
24. Make sure that the cache is not used. You can call this page every time.