No Multiple Login on Same machine but same browser allowed

Question

I have a simple requirement of not allowing a user to log into multiple browsers at a time. Same browser is fine.

What is the simplest thing which can be done?

Technlogy : .net 4.0 and sql sever 2008 R2

Answer 1

See my advices below:

1. Store LastActivityDate for each user. If you are using asp.net SqlMembershipProvider - this field exists there, if you use another authentication mechanisms - probably you need to create it and update with each request of certain user.
2. Add an additional boolean field LoggedIn for each user. This field will be set to true when user does login. If you are using asp.net SqlMembershipProvider you can store its value in Comment field.
3. When user closes the browser send request to server to 'logout' user, which means set LoggedIn field to false. Use window.onbeforeunload javascript event for that.
4. On user login you should check LoggedIn field for the user, if it is false - you simply process the operation. If not - you should check LastActivityDate value, and if it older than a timeout you will define (lets say 3 minutes) process the operation. If not - reject it and show error message. This additinal check is required because we cannot guarantee that window.onbeforeunload is always executed.
5. The final step would be a javascript which consequentially calls a server action in timeout which updates LastActivityDate. This script should be defined on each page which is accessible for logged in user.

I hope the approach is clear.