在ASP.NET中每个用户仅限制一个会话
[英]Limit only one session per user in ASP.NET
问题描述
无论如何检测用户何时登录是否已经有另一个具有相同用户名的会话,并阻止他再次登录或向他发送消息?
5 个解决方案
解决方案1
17 已采纳 2010-05-27 15:43:16
You could always implement the events in global.asax. 
您始终可以在global.asax中实现事件。
Implement Application_Start() to setup a System.Collections.Dictionary (or at your preference) and store that in the Application[] collection, when a user logsin, add the username. 实现Application_Start()以设置System.Collections.Dictionary(或根据您的喜好)并将其存储在Application []集合中,当用户登录时,添加用户名。 Remove from the collection in Session_End(). 从Session_End()中的集合中删除。 Remember to use the 'lock' keyword while working with the collection :) 在使用集合时,请记住使用'lock'关键字:)
Have fun! 玩得开心!
Example: 例:
[page.aspx]
public partial class page : System.Web.UI.Page {
protected bool Login(string userName) {
System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
as System.Collections.Generic.List<string>;
if (d != null) {
lock (d) {
if (d.Contains(userName)) {
// User is already logged in!!!
return false;
}
d.Add(userName);
}
}
Session["UserLoggedIn"] = userName;
return true;
}
protected void Logout() {
Session.Abandon();
}
}
[global.asax]
<%@ Application Language="C#" %>
<script RunAt="server">
void Application_Start(object sender, EventArgs e) {
Application["UsersLoggedIn"] = new System.Collections.Generic.List<string>();
}
void Session_End(object sender, EventArgs e) {
// NOTE: you might want to call this from the .Logout() method - aswell -, to speed things up
string userLoggedIn = Session["UserLoggedIn"] == null ? string.Empty ? (string)Session["UserLoggedIn"];
if (userLoggedIn.Length > 0) {
System.Collections.Generic.List<string> d = Application["UsersLoggedIn"]
as System.Collections.Generic.List<string>;
if (d != null) {
lock (d) {
d.Remove(userLoggedIn);
}
}
}
}
</script>
解决方案2
3 2010-05-27 15:35:50
I've implemented this where when a user logs in it sets a flag in the DB that they are logged in. It was an int representing how many times they are logged in. We allowed two. 我已经实现了这一点,当用户登录时,它会在他们登录的数据库中设置一个标志。这是一个表示他们登录多少次的int。我们允许两个。 Then would just check that when validating the user. 然后在验证用户时检查一下。
解决方案3
2 2010-05-27 15:39:17
You can, by keeping track of users logged in, in your global.asax by using the Application object. 您可以通过使用Application对象跟踪用户登录的global.asax。
In the Session_Start method or your login method, you can check if the user is stored in the Application object. 在Session_Start方法或登录方法中,您可以检查用户是否存储在Application对象中。
On the Session_End method or in your logoff method, you'll need to remove the user from the Application object. 在Session_End方法或注销方法中,您需要从Application对象中删除用户。
解决方案4
1 2010-05-27 15:41:38
Don't store it in the DB if you cannot identify user logout event (they may click logout, close the tab, close the whole browser, or may just shutdown the computer...). 如果您无法识别用户注销事件(他们可能会单击注销,关闭选项卡,关闭整个浏览器,或者可能只是关闭计算机......),请不要将其存储在数据库中。 Use session to do the same checking instead. 使用会话来执行相同的检查。
解决方案5
0 2010-05-27 15:36:28
You could store the SessionID of a user in a database. 您可以将用户的SessionID存储在数据库中。 On each login, store a combination of Unique username and SessionID into the database. 在每次登录时,将唯一用户名和SessionID的组合存储到数据库中。 In the masterpage you include the query to the database, to check wether the last login for the currently used username was from the same session. 在母版页中,您将查询包含在数据库中,以检查当前使用的用户名的最后一次登录是否来自同一会话。 If not, abandon the session and redirect to the login page. 如果没有,请放弃会话并重定向到登录页面。
The behaviour I posted should log out the second user. 我发布的行为应该注销第二个用户。 You may change the Session.Abandon to your desired behaviour 您可以将Session.Abandon更改为您想要的行为
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.