Prevent double login using dbase

[Adam]

I am writing a web application for my intranet using ASP. (Hosted on Windows
2003 server, IIS)

The users have to login via a web form that is authenticated against a MS
SQL database. I then set a session variable that tracks the user throu the
system. By doing it this way, two or more people can be logged in using the
same username.

How can I prevent this? I need each user to only be able to login once.

Can I write to a filed in the database that states that they are loged in? I
could then have the logout button, in the app, clear that field. BUT, what
if they did no "Log Out"? How would I clear that field if they just close
the window?

Thanks,

Adam

 

[Mike Mueller]

Inline

Adam wrote:
: I am writing a web application for my intranet using ASP.
: (Hosted on Windows 2003 server, IIS)
:
: The users have to login via a web form that is
: authenticated against a MS SQL database. I then set a
: session variable that tracks the user throu the system.
: By doing it this way, two or more people can be logged in
: using the same username.
--- that is correct

: How can I prevent this? I need each user to only be able
: to login once.
: Can I write to a filed in the database that states that
: they are loged in?
---- Yes

: I could then have the logout button,
: in the app, clear that field. BUT, what if they did no
: "Log Out"? How would I clear that field if they just
: close the window?
--- Session variable will clear itself if not used for 15
minutes (default).

----What you may be able to implement is to place their IP
address into a db field when they login. and clear the field
when they logout. You can check that field when they do
login and assume whatever if they are logging in from a
different or same IP.
You may also be able to add have some script in the
global.asa file (beyond my knowledge) to clear that db field
when the session variable expires.