I have online quiz site in which i need to restrict user once he log in and if he trying
to login on other browser or other tab with same browser.
I want to give you a hint
Restrict in another browser
"Separate browser has different session id" so in your case when you logged in store session id and if user try to logged in with another browser then you need to check for session id.
Restrict in same browser
if (!Session.IsNewSession && Request.UrlReferrer == null)
{
// new tab opened
}
go through following link it may help you
Check it out
What if you just mark the user as logged in the db when they log in? When they try to login again just check if they are currently marked as logged in, if so do not let them in. reset that flag when they log out or after a period of time, as the might not necessarily log out, they could login do the quiz and just close the browser.
Related
my name is Prince. I'm a web developer in Asp.net(new) and I'm trying to create a function in which users can login into my site and I'll keep them logged in as long as they don't log out.
I thought of inserting their username and password into cookies, but I was informed that cookies are insecure. So I'm looking for a way to store their user Id and password. So when my page loads my code will go to where the user id and password are stored and log them in if its authenticated or exists in the database, else it'll direct them to the login page so they can log in. P.s on click of my login button it selects the values from the user id and password text boxes and inputs them the cookies or variables. Please if you need my to clarify myself or explain further I will gladly.
The summary of this is I want to create auto login and I need secure variables to store my user details e.g cookies, so the browser can access them(the cookies) the next time they(the user) come to my site and automatically log them in.
I am working on one web application in which i want to make sure that website allow only one login per user at a time on one browser only.It means if a user is logged in from chrome than that user can not log in from internet explorer or any other browser from the same id at a time.
If he tries to log in from another browser than a message should be displayed saying he is already logged in from a browser and if he wants to continue in another browser than he should get automatically logout from the first one.
Please suggest code for this in asp.net.
You need to have status column in your table and make its datatype boolean, so When a user logged in update that status into true, and when a user logged out then update status into false. Whenever a user try to login then you need to check status for that user, if status already true, show a message that a user already logged in, if false, then allow for login.
I'm using sessions for my login page that will hold the userId in a session. If two different users are logged using the same system and same browser but with separate tabs of the browser, the session value of userid is getting reset to the user who logged in last. Why?
there would be only one sessionID saved (in cookie) for a domain by the browser, which would be returned to server on subsequent postbacks to identify the session..
if you open another tab and login as other person, then the latest sessionID will override the previous..
So its not possible to have different logins on a same browser..but to use a different browser(not another instance of same browser)
If you are tracking authenticated users with cookies there is no way to achieve this because cookies are shared between browser tabs. It's the same with most sites. Take for example Gmail: you sign-in with one account, then you open a new tab and you are automatically logged in with the same user because the cookies are shared.
In order to achieve what you are asking you basically will have to change the way you are tracking your authenticated users. You should no longer use cookies.
2 possibilities come to mind:
Use a hidden field on each page that will contain the session id
Append the session id to the query string of all requests
Its not possible since sessions are shared between tabs. They need to use different browsers or the last user session will delete the previous user session
Internet Explorer offers a "New Session" feature on its File menu. This will allow a second user to login to your site whilst another is already logged in. However this will launch a new window, its not possible to run a separate session in another tab.
Other browsers may offer a similar function.
So its a ASP.NET problem where two users using the same machine, same browser.
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
Regards,
You could add some fields in the database to track that the user is logged in, and grab their IP address, and restrict access that way.
IE8 has a "New Session" command in the file menu that opens a new window, but that's pretty much like using 2 different browsers.
Hiding the login form until the current user is logged out will raise awareness that another user is logged in but won't prevent the above scenario. If the logout process could refresh each page in the browser on the domain then it might work, although user1 would loose all modified data.
I used the trick of opening a new window with a specific name and always make sure that any page will open always use that window.
I am maintaining a session for user login.
Consider a scenario that, User working on page20 with his account credential.
He is idle for the session variable time out. Then he start working on page20 and click link of page21.Here session is expired so he'll redirect to Login page.
After successful logged in, User should redirect to the page21.
So how do I achieve it?
The first method that comes to mind is to send the information through a get/post-variable. When you perform the session-check at page21 (I assume) and redirect the user to the login page, you can append the pagename to the address, i.e. redirect to something like www.xyz.com/login.htm?page21 (or if you don't want the pagename to be visible, use post instead). Then simply use that information when the user logs in again to redirect him/her to page21.
Hope that helps.
if you are using forms authentication, there is an inbuilt mechanism to do that, here it is. It will automatically redirect the user to the URL Referrer page
If (FrameworkManager.Authenticate(username, pwd)) Then
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(username, rememberme)
end if
Really it depends on how you're using your session. If you're keeping all of the information the user enters on screens 1-20 in session, you're going to lose it all once their session expires, so you're out of luck anyway.
If you're storing everything from each page in a database, or some other mechanism, then it should be easy to tell what the last piece of information the user entered. Alternatively, you could also store the url or name of the last page the user submitted in the database.
When they log in, determine which page they should be on, then just redirect them.
If you are doing a Server.Transfer to the login page than Request.Urlreferrer would be URL of the Page21.
Where would you put this code?
If (FrameworkManager.Authenticate(username, pwd)) Then
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(username, rememberme)
end if
If user wants to login again through another browser then in this situation you must add status column in your database and check if the status is true
then you have to redirect this user on last visited page.So save the visited page through cookies and get back page name and redirect on the page.