In Asp. Net, users are prohibited from logging on multiple times (multiple times with the same name)

View the code of a chat room by yourself. The administrator can set the logon status for those who do not comply with the rules. For example, 0 indicates logon, and 1 indicates online, 2 indicates that the player is kicked out. You can set a time to change the status to 0 to allow the player to log on later. when this person has logged on, the status is 1 and the ID of the same person cannot be logged on again, because the current status is 1 and cannot be changed to 1, therefore, you can control multiple logins by one person.
Because the requirements for preventing single-point logon were used some time ago, I searched for many methods online, including Session and Cache. I tried both methods, in fact, cache and session also have timeout. If the user does not close the page normally, the cache still exists on the server. The result is that the user exits, or the user can log on only after the cache times out.
Finally, the colleague provides a method to create a table with three main fields: an automatic ID, a logon user ID, and a time. Then, add an iframe on the page, load an automatic refresh page, update the time in the table every × seconds, and then judge whether the time interval during logon is less than the set × second refresh time. If yes, you have logged on, if not, I did not log on to the study website of my organization. I will use this method after a certain period of time for students. Now I understand.
Determine whether the user already exists in the Application. If the user already exists, an error is reported. If the user does not exist, the user is added to the Application (the Application is a common object of all sessions and the entire web Application has a unique object ):
 
The following is a reference clip:
String strUserId = txtUser. Text;
ArrayList list = Application. Get ("GLOBAL_USER_LIST") as ArrayList;
If (list = null)
{
List = new ArrayList ();
}
For (int I = 0; I <list. Count; I ++)
{
If (strUserId = (list [I] as string ))
{
// The error message is displayed when you have logged on.
LblError. Text = "this user has logged on ";
Return;
}
}
List. Add (strUserId );
Application. Add ("GLOBAL_USER_LIST", list );
 
Of course, you can use Cache and other storage methods here.
The next step is to remove the user from the Application when the user exits. We can handle it in the Session_End event of Global. asax:
The following is a reference clip:
Void Session_End (object sender, EventArgs e)
{
// The code that runs when the session ends.
// Note: Only the sessionstate mode in the Web. config file is set
// The Session_End event is triggered only when InProc is used. If the session mode is set to StateServer
// Or SQLServer, the event is not triggered.
String strUserId = Session ["SESSION_USER"] as string;
ArrayList list = Application. Get ("GLOBAL_USER_LIST") as ArrayList;
If (strUserId! = Null & list! = Null)
{
List. Remove (strUserId );
Application. Add ("GLOBAL_USER_LIST", list );
}
}
 
There is no problem with this. The problem is that when you click the close button in the upper-right corner of the browser, the problem occurs. If the Session is closed directly, the Session expiration event will not be triggered immediately, that is, the Session will not be logged in after the browser is closed.
There are two processing methods:
1. Use JavaScript
Add a piece of javascript code to each page:
 
The following is a reference clip:
Function window. onbeforeunload ()
{
If (event. clientX> document. body. clientWidth & event. clientY <0 | event. altKey ){
Window. open ("logout. ASPx ");
}
}
 
Because the onbeforeunload method is executed when the browser is closed, refreshed, and the page is adjusted, You need to determine whether you have clicked the close button or pressed Alt + F4 to perform the true close operation.

Write the same method as Session_End in Page_Load of logout. aspx, and add the event onload = "javascript: window. close ()" to logout. aspx ()"

But there is still a problem. javascript may have different behaviors in different browsers, and it is not determined when it is closed through the file->.
2. Use the xmlhttp method (this method is not a problem after testing)
Add the following javascript to each page (these javascript can also be written in common, and each page can be introduced)
The following is a reference clip:
Var x = 0;
Function myRefresh ()
{
Var httpRequest = new ActiveXObject ("microsoft. xmlhttp ");
HttpRequest. open ("GET", "test. aspx", false );
HttpRequest. send (null );
X ++;
If (x <60) // 60 times, that is, the actual Session expiration time is 30 minutes.
{
SetTimeout ("myRefresh ()", 30*1000); // 30 seconds
}
}
MyRefresh ();

Set in web. config
<SessionState mode = "InProc" timeout = "1"> </sessionState>

The test. aspx page is an empty page, but you only need to add the following to Page_Load:

Response. Expires =-1;

Make sure that the cache is not used. You can call this page every time.

The principle is: Set the expiration time of the Session to one minute, and then regularly connect to the test page every 30 seconds on each page to keep the Session valid for 60 times in total, that is, 30 minutes. If the user does not perform the operation 30 minutes later, the Session will expire. Of course, if the user closes the browser directly, the Session will expire in one minute. In this way, the requirements can be met.

From the day of that year and month