Ways to prevent users from logging on multiple times in asp.net

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

In the Web development, some systems require the same user at the same time can only log on once, that is, if a user has logged in, if you log in before exiting, you need to error.

The common processing method is, in the user login, judge whether this user has already existed in the creator, if exists on the error, does not exist then adds to the creator (creator is all session common, One object for the entire Web application:

string strUserID = Txtuser.text;

ArrayList list = Application.get ("Global_user_list") as ArrayList;

if (list = = null)

{

List = new ArrayList ();

}

for (int i = 0; i < list. Count; I)

{

if (strUserID = = (List[i] As String)

{

Logged in, prompting for error messages

Lblerror.text = "This user has logged in";

Return;

}

}

List. ADD (strUserID);

Application.add ("Global_user_list", LIST);

Of course, the use of cache and so save can also.

The next step is to remove the user from the creator when the user exits, and we can handle it in the Global.asax Session_End event:

void Session_End (object sender, EventArgs e)

{

Code that runs at the end of the session.

Note: Only the sessionstate mode in the Web.config file is set to

Session_End event is raised when InProc. If the session mode is set to StateServer

or SQL Server, the event is not raised.

String strUserID = session["Session_user"] as String;

ArrayList list = Application.get ("Global_user_list") as ArrayList;

if (strUserID!= null && list!= null)

{

List. Remove (strUserID);

Application.add ("Global_user_list", LIST);

}

}

There is no problem, the problem is that when the user directly point to the top right corner of the browser to close the button when there is a problem. Because the direct shutdown, and will not immediately trigger the session expiration event, that is, to close the browser and then login will not go in.

There are two ways to handle this:

1. Use JavaScript mode

Add a section of JavaScript code to each page:

function Window.onbeforeunload ()

{

if (Event.clientx>document.body.clientwidth && event.clienty<0| | Event.altkey) {

window.open ("logout.aspx");

}

}

Because the onBeforeUnload method is executed when the browser is closed, refreshed, and the page is reversed, it is necessary to decide whether to perform a true shutdown by clicking the Close button or pressing ALT F4.

Then write and session_end the same method in the Page_Load of Logout.aspx and add the event to logout.aspx: onload= "Javascript:window.close ()"

But there is still a problem, JavaScript may have different behavior in different browsers, and it is not judged when the file-> is closed.

2. Use the XMLHTTP method (this method test is no problem)

Add the following JavaScript to each page (these javascript can also be written in common, each page can be introduced)

var x=0;

function Myrefresh ()

{

var HttpRequest = new ActiveXObject ("Microsoft.XMLHTTP");

Httprequest.open ("Get", "test.aspx", false);

Httprequest.send (NULL);

x;

if (x<60)//60 times, that is, session real expiration time is 30 minutes

{

SetTimeout ("Myrefresh ()", 30*1000); 30 seconds.

}

}

Myrefresh ();

Set in Web.config

Test.aspx page is an empty page, just need to add in Page_Load: Response.Expires =-1;

Ensure that you do not use caching, you can call this page every time.

The principle is: Set session expiration Time is a minute, and then on each page timed every 30 seconds to connect a test page, to keep the session effective, a total of 60 times, that is 30 minutes. If the user does not operate after 30 minutes, the session expires. Of course, if the user closes the browser directly, the session will expire in a minute. This will meet the requirements.

http://www.strive8.cn a lot of exchange!