Article Discussion: Preventing Simultaneous Logons

The other day, I was transacting online with my personal banker while chatting with a friend of MSN Messenger, discussing my plans for the weekend. Suddenly, a thought occurred to me: have you ever tried being online in Messenger from two different computers at the same time? I?ve tried it and was logged out from the first computer (i.e. the latest logon session is retained and the user is automatically signed out from the other session). This article demonstrates the use of the Cache object in ASP.NET to prevent multiple logons from the same user account to a Web-based system.


Read the full article here: Preventing Simultaneous Logons

Is there a way to do this in a regular ASP site?

You could do it in ASP with a database and monitoring which users have logged in.

Essentially, it would be like this
1) The user logins in the use the applicaiton.
2) After validation, you enter a record in to a LoggedInUsers database table, with the users username.
3) When the session ends you remove the users record from the LoggedInUsers table.

In the meantime, when someone logs in you just check to see if a record exists in the LoggedInUsers table, if there is, then prevent them from logging in, because a session is already open for that user.

You articl is certainly food for thought. However I see a problem - a user oooops and accidently closes their browser. When they try to log back in they get refused. They would be somewhat miffed, I supose. I suspect that if you added a location identifier, such as the ip address of the current login, and allow that person to re-login from that ip (or even multi login) would be a necessary choice. Part of the refusal mesage would be the location so if someone wanted to track the duplicates they would have a hook to try.