How to prevent users from logging on multiple times in asp.net-practical tips

The common processing method is, in the user login, judge whether this user has already existed in the application, if exists on the error, does not exist then adds to the application (application is all session common, A unique object for the entire Web application):
string strUserID = Txtuser.text;
ArrayList list = Application.get ("Global_user_list") as ArrayList;
if (list = = null)
{
List = new ArrayList ();
}
for (int i = 0; i < list. Count; i++)
{
if (strUserID = = (List[i] As String)
{
Already logged in, prompting for an error message
Lblerror.text = "This user has logged in";
Return
}
}
List. ADD (strUserID);
Application.add ("Global_user_list", LIST);


Of course, the use of cache and so save can also.



The next step is to remove the user from the application when the user exits, and we can handle it in the Global.asax Session_End event:

void Session_End (object sender, EventArgs e)
{
Code that runs at the end of the session.
Note: Only the sessionstate mode in the Web.config file is set to
The Session_End event is raised when InProc. If the session mode is set to StateServer
or SQL Server, the event is not raised.
String strUserID = session["Session_user"] as String;
ArrayList list = Application.get ("Global_user_list") as ArrayList;
if (strUserID!= null && list!= null)


{
List. Remove (strUserID);
Application.add ("Global_user_list", LIST);
}
}


There is no problem, the problem is that when the user directly point to the top right corner of the browser to close the button when there is a problem. Because the direct shutdown, and will not immediately trigger the session expiration event, that is, to close the browser and then login will not go in.



There are two ways to handle this:


1. Use JavaScript mode

Add a section of JavaScript code to each page:

function Window.onbeforeunload ()
{
if (Event.clientx>document.body.clientwidth && event.clienty<0| | Event.altkey) {
window.open ("logout.aspx");
}
}



Because the onBeforeUnload method is executed when the browser is closed, refreshed, and the page is reversed, it is necessary to decide whether to click the Close button or press ALT+F4 to perform the actual shutdown.


The same method is then written and Session_End in the Page_Load of Logout.aspx, and the event is added to the logout.aspx: onload= "Javascript:window.close ()"


But there is still a problem, JavaScript may have different behavior in different browsers, and it is not judged when the file-> is closed.

2, using the XMLHTTP method (this method test down no problem)

Add the following JavaScript to each page (these javascript can also be written in common, each page will be introduced)



var x=0;
function Myrefresh ()
{
var HttpRequest = new ActiveXObject ("Microsoft.XMLHTTP");
Httprequest.open ("Get", "test.aspx", false);
Httprequest.send (NULL);
x + +;
if (x<60)//60 times, that is, the session real expiration time is 30 minutes
{
SetTimeout ("Myrefresh ()", 30*1000); 30 seconds.
}
}
Myrefresh ();



Set in Web.config

<sessionstate mode= "InProc" timeout= "1" ></sessionState>


The Test.aspx page is an empty page, but it needs to be added to the Page_Load:

Response.Expires =-1;


Ensure that the cache is not used and can be invoked to this page every time.

The principle is: Set session expiration Time is a minute, and then on each page timed every 30 seconds to connect a test page, to keep the session effective, a total of 60 times, that is 30 minutes. If the user does not operate after 30 minutes, the session expires. Of course, if the user closes the browser directly, the session will expire in a minute. This will meet the requirements.