Sunday, March 6, 2011

Avoid Multiple Login for same User


Description


This code snippet explains how to avoid multiple logins for the same user. First, create a user login maintenance table:
CREATE TABLE [dbo].[USR1](
 [usrcode] [varchar](50) NULL,
 [usrname] [varchar](50) NULL,
 [pwd] [varchar](50) NULL,
 [status] [varchar](1) NULL
) ON [PRIMARY]

GO

After that, insert some values like this:
usrcode   usrname     pwd       status
ravi      ravindran   test123   N
  • usrcode denotes the login user ID
  • usrname denotes the user name
  • pwd denotes the login user password
  • status denotes the login status

Login Page Design Code


// Use two text boxes to get the user ID and password

Login page Server Side Code


After login we update the status of the user record, so that when the same user (or an attacker) tries to access the account again, we can check the user's status (Y/N) before allowing the login.

Imports System.Data
Imports System.Data.SqlClient
Partial Class _Default
    Inherits System.Web.UI.Page
    Dim obj As New Methods
    Dim dt As New DataTable
    Dim dr As DataRow
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim fselect As String
        ' Parameterized query: the text box values are bound as data, never concatenated into the SQL text
        ' Note: USR1 stores pwd in plaintext; a production table should store a salted password hash instead
        fselect = "select * from USR1 where usrcode=@usrcode and pwd=@pwd"
        ' Using closes the connection on every exit path
        Using sqlcon As New SqlConnection("server=SQLEXPRESS;database=test;uid=xxxx;pwd=yyyy;")
            sqlcon.Open()
            Dim sqlcmd As New SqlCommand(fselect, sqlcon)
            sqlcmd.Parameters.Add("@usrcode", SqlDbType.VarChar, 50).Value = txtuname.Text.Trim
            sqlcmd.Parameters.Add("@pwd", SqlDbType.VarChar, 50).Value = txtpwd.Text.Trim
            Dim da As New SqlDataAdapter(sqlcmd)
            da.Fill(dt)

            If dt.Rows.Count > 0 Then
                dr = dt.Rows(0)
                ' status is nullable; ToString() turns DBNull into an empty string
                If dr("status").ToString() = "Y" Then
                    Label1.Text = "You cannot do proper logout before try after sometime"
                    Exit Sub
                Else
                    Session("username") = txtuname.Text.Trim
                    Dim fetch As String
                    ' Mark this user as logged in
                    fetch = "update USR1 set status='Y' where usrcode=@usrcode"
                    sqlcmd = New SqlCommand(fetch, sqlcon)
                    sqlcmd.CommandType = CommandType.Text
                    sqlcmd.Parameters.Add("@usrcode", SqlDbType.VarChar, 50).Value = CStr(Session("username"))
                    sqlcmd.ExecuteNonQuery()
                    Response.Redirect("Default2.aspx")
                End If
            Else
                Label1.Text = "Invalid Login"
            End If
        End Using
    End Sub
End Class
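
The login handler above reads status and then sets it in two separate statements, so two login requests arriving at the same moment can both see "N" and both be let in. The following is an added example, not code from the original post, that claims the login in a single conditional UPDATE; the names LoginSlot, ClaimResult and TryClaimLogin are hypothetical and the connection string is the same placeholder used on this page.

```vb
Imports System.Data
Imports System.Data.SqlClient

' Added example, not the original post's code. LoginSlot, ClaimResult and
' TryClaimLogin are hypothetical names; the connection string is a placeholder.
Public Module LoginSlot
    Private Const ConnStr As String = "server=SQLEXPRESS;database=test;uid=xxxx;pwd=yyyy;"

    Public Enum ClaimResult
        Granted          ' credentials matched and status was "N"
        AlreadyLoggedIn  ' credentials matched but status was already "Y"
        InvalidLogin     ' no row matches usrcode and pwd
    End Enum

    ' Binds the usrcode/pwd parameters shared by both statements.
    Private Sub BindCredentials(ByVal cmd As SqlCommand, ByVal usrcode As String, ByVal pwd As String)
        cmd.Parameters.Add("@usrcode", SqlDbType.VarChar, 50).Value = usrcode
        cmd.Parameters.Add("@pwd", SqlDbType.VarChar, 50).Value = pwd
    End Sub

    Public Function TryClaimLogin(ByVal usrcode As String, ByVal pwd As String) As ClaimResult
        Using con As New SqlConnection(ConnStr)
            con.Open()
            ' One statement verifies the credentials and flips N -> Y.
            ' Of two concurrent requests, only one still finds status='N',
            ' so only one of them gets a non-zero affected-row count.
            Using claim As New SqlCommand( _
                "update USR1 set status='Y' " & _
                "where usrcode=@usrcode and pwd=@pwd and status='N'", con)
                BindCredentials(claim, usrcode, pwd)
                If claim.ExecuteNonQuery() > 0 Then Return ClaimResult.Granted
            End Using

            ' No row changed: either the credentials are wrong or the user is
            ' already logged in. AlreadyLoggedIn is reported only when the
            ' password matched, so it does not reveal which user IDs exist.
            Using probe As New SqlCommand( _
                "select count(*) from USR1 where usrcode=@usrcode and pwd=@pwd", con)
                BindCredentials(probe, usrcode, pwd)
                If CInt(probe.ExecuteScalar()) > 0 Then Return ClaimResult.AlreadyLoggedIn
            End Using
            Return ClaimResult.InvalidLogin
        End Using
    End Function
End Module
```

In Button1_Click, the result of TryClaimLogin(txtuname.Text.Trim, txtpwd.Text.Trim) would replace the select-then-update sequence, with Session("username") set only when the result is Granted.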


Login Success Page Design Code


// This page uses just one log out link button

Login Success Server Side Code


If the user clicks the log out button, we update the status flag in the USR1 table to "N".
Imports System.Data.SqlClient
Imports System.Data
Partial Class Default2
    Inherits System.Web.UI.Page
    Protected Sub LinkButton1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LinkButton1.Click
        insert()
        Session.RemoveAll()
        Response.Redirect("Default.aspx")
    End Sub
    ' Resets the status flag to "N" for the user stored in the session
    Public Sub insert()
        ' Nothing to reset if no user is stored in the session
        If Session("username") Is Nothing Then Return
        Dim fetch As String
        ' Parameterized update: the session value is bound as data
        fetch = "update USR1 set status='N' where usrcode=@usrcode"
        Using sqlcon As New SqlConnection("server=SQLEXPRESS;database=test;uid=xxxx;pwd=yyyy;")
            sqlcon.Open()
            Dim sqlcmd As New SqlCommand(fetch, sqlcon)
            sqlcmd.CommandType = CommandType.Text
            sqlcmd.Parameters.Add("@usrcode", SqlDbType.VarChar, 50).Value = CStr(Session("username"))
            sqlcmd.ExecuteNonQuery()
        End Using
    End Sub

End Class

Suppose the user closes the browser instead of clicking the log out button. In that case, follow this step.

Global.asax Code


When the user clicks the log out button we can update the status to "N" in the USR1 table, but the user may close the browser instead, and the value in the database table still has to be updated. That is the reason I use the Global.asax file. Whenever the user closes the browser, the Session_End method in Global.asax executes after the session timeout elapses, so we can put the update statement in that block.

Code for update from Global.asax File
<%@ Application Language="VB" %>
<script runat="server">

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs on application startup
    End Sub
    
    Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs on application shutdown
    End Sub
        
    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when an unhandled error occurs
    End Sub

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when a new session is started
        Session.Add("varName", "test")
    End Sub

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when a session ends. 
        ' Note: The Session_End event is raised only when the sessionstate mode
        ' is set to InProc in the Web.config file. If session mode is set to StateServer 
        ' or SQLServer, the event is not raised.
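        ' Nothing to reset if no user is stored in the session
        If Session("username") Is Nothing Then Return
        Dim obj As New ConMethod      'Here ConMethod is a VB class; the database update procedure is written in its UpdateData method
        Dim fetch As String
        ' UpdateData takes raw SQL text, so double any single quote in the value before concatenating it
        fetch = "update USR1 set status='N' where usrcode='" & CStr(Session("username")).Replace("'", "''") & "'"
        obj.UpdateData(fetch)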
        
    End Sub
       
</script>


web.config


Use the code below for the session timeout, under system.web:
<sessionState mode="InProc" timeout="1" />


For testing purposes I set the timeout value to "1".

Summary


This code snippet helps developers avoid multiple logins in a web application using the Global.asax file.
