How to prevent multiple logins from same user?
Take a look at this it protect you from Cross-Site Request Forgery and you can check if user had logged in.
Try: save csrf token to db, then check if users token same that in db...
If not: unset cookie and session for this user and return him to Sign In page;
If yes: do your stuff
How to prevent multiple logins using same username?
If you give every user their own database role, Postgres can handle this for you (along with the rest of the authentication process):
CREATE USER <username> PASSWORD '<password>' CONNECTION LIMIT 1
This has a number of other benefits, like fine-grained access control via grants and row-level policies, and access to a much wider range of authentication methods.
If this isn't an option, the simplest approach is probably to acquire a session-level advisory lock on login, i.e.:
SELECT pg_try_advisory_lock(<userid>)
This will return true
if you have successfully acquired the lock, or false
if the lock for that userid
is already held by someone else. Once acquired, the lock will be held for the rest of your session, and will be automatically released on disconnect.
Keep in mind that you're just locking an arbitrary number, so you need to be sure that no other process is locking the same number for an unrelated reason. A common way of managing this is to call the two-argument version of pg_try_advisory_lock()
, and scope the lock to your users
table by passing in the table's internal identifier:
SELECT pg_try_advisory_lock('users'::regclass::int, <userid>)
How to prevent multiple login from single user name
The type attribute needs to include the namespace:
<add name="SingleSessionEnforcement" type="Demo1.SingleSessionEnforcement" />
In asp.net site how to prevent multiple logins of same user id?
There could be several possibilities. A quick response is:
Maintain a flag in database; upon every login/out update the flag. For instance, upon every authentication request you can reject the login request if the flag is already true.
Alternatively, you can maintain a list of users in the
Application
object and use.Contains
to see if it already exists.
--EDIT--
Lets try the database flag option; and assume that you have a method called StillLoggedIn(User)
that updates the date/time and flag.
So, when user logs in:
- The app is going to authenticate the user and set flag=1, and mark a date/time stamp.
For subsequent requests, the app would call
StillLoggedIn(User)
;Prepare a windows service that would browse the database from time to time(lets say after 5 minutes if you have 10000 users). The service would compare the database date/time with the current date/time and mark the flag as
0
if the currentTime minus lastUsedTime is greater than, lets say, 5 minutes.
It could be anything besides a database and windows service.
Related Topics
Generate Bank Account Number With Random
How to Check Whether an Integer Is Null or Zero in Java
How to Send Date in Rest API in Post Method
How to Convert a Kotlin Source File to a Java Source File
How to Check Type of Variable in Java
Consider Defining a Bean of Type in Your Configuration
403 Forbidden When I Try to Post to My Spring API
Is There a Java Setting for Disabling Certificate Validation
How to Activate a Function When Some Variable Changes
How to Upload a File and Json Data in Postman
Multipartexception: Current Request Is Not a Multipart Request
How to Beautifully Update a JPA Entity in Spring Data
How to Determine If a List of String Contains Null or Empty Elements
Pass Multiple Parameters to Rest API - Spring
How to Check Whether a Given String Is Valid Json in Java
How to Pass JavaScript Values to Scriptlet in Jsp
How to Join Results of Multiple Tables in Spring JPA Repository