Topic: Restrict Multiple Logins

][ce    -- 07-12-2004 @ 11:05 AM
  Hey everybody!

I'm not even sure if this is possible, but I'm looking for some guidance...

I currently have a portal, with 500 employees logging in.  My dilemma is restricting said users to logging in only once.

I was thinking of putting a boolean field, that simply returns if they are logged in or not... but then I am relying on them clicking on "logout" to run the update query to set it back to false.

I have the routine mentioned in one of these tutorials to clear the session when the browser is closed, but I can't think of any way to invoke the update query at that time...

Any suggestions would be greatly appreciated!

RafaelQ    -- 07-12-2004 @ 11:09 PM
  Why not just remove access to the login page once user is logged in? Seems like a simpler solution.

][ce    -- 07-13-2004 @ 8:33 AM
  I'm not sure I follow your logic... or maybe I wasn't clear in my initial request.

With 500 computers in our facility, in essence, somebody could log in as themselves on every PC.  What I am trying to restrict, is not multiple logins on the same computer, but on various computers.

This has a two-fold benefit, if they are "floating" from desk to desk, and they forget to logout from their initial desk, they will be reminded that they are already logged in.  It also acts as a security measure, that somebody doesn't try, or at the very least, is unable, to log on under somebody else's ID.

Does that make sense?

nmiller    -- 07-13-2004 @ 11:40 AM
  Use this tutorial:

This will allow you to know who is logged in at any time and disallow them from logging in again (some modification may be necessary).

Nathan Miller
NM Consulting

][ce    -- 07-13-2004 @ 3:59 PM
This is exactly what I was looking for.  Thanks a ton!

I totally looked through the tutorials... but I must have not seen this one.
I hate being one of those guys who don't look under their nose for the answer.


][ce    -- 07-13-2004 @ 9:30 PM
  Hmmm... maybe I spoke too soon.
I'm running into a small problem... although, I may be overanalyzing the whole situation.

With the aforementioned tutorial, I'm now keeping track of all users who have logged in using their Employee ID as the unique ID.  I'm setting the StructDelete command to run if the timestamp is greater than 10 minutes.

If I understand the code correctly, it bases its logic around the assumption that the user is navigating through the site in less than 10 minute intervals.  In my environment, I could run into a scenario where a user would be using other applications, and not touching the website for upwards of 45-60 minutes.  If this is the case, when deleting the entry after 10 minutes, somebody could log in under that same ID, and the original user may only notice half an hour later.

So, I thought about increasing the time allocated before it runs the StructDelete command... although, a problem is presented if I go that route.  If a user closes his or her browser, they are basically locked out until one of two things happens.  1.  They wait until the given time has elapsed... or 2. I manually delete the entry.

I hope I'm making sense here...
As always, any help would be greatly appreciated.

nmiller    -- 07-14-2004 @ 9:27 AM
  It sounds like your analysis is accurate.  Here's what I would do.  Set a cookie on the user's machine when they log in.  Then you can check if it's the same user trying to log in again and let them back in, regardless of how much time has elapsed.  If the same userid is trying to log in and there's no cookie, that means the user is logging in on a different machine and you can lock it out.

In order to make this work, you'll also want to store the date/time in the cookie.  This will help you get around issues related to when a cookie is deleted from a user's machine.  You can compare now() with the date in the cookie.  You'll have to determine the best way to handle this based on your requirements.  If the cookie was set yesterday, for example, you would just delete the cookie and process it like a new login.  

Nathan Miller
NM Consulting
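
The registry-plus-cookie approach discussed in this thread, as an added example that is not from the thread or from the tutorial it refers to. It is a framework-neutral Python sketch rather than CFML, and it makes the cookie carry a random token that the server also stores, so "same machine" means "presents the matching token" rather than "has some cookie". The class name, timeout values and employee IDs are assumptions.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT = 60 * 60          # assumed: covers the 45-60 minute idle gaps described
COOKIE_MAX_AGE = 24 * 60 * 60   # assumed: a cookie set "yesterday" is a new login

def _same(a, b):
    # Constant-time comparison; bytes so non-ASCII cookie values cannot raise.
    return hmac.compare_digest(a.encode(), (b or "").encode())

class LoginRegistry:
    """Server-side map: user id -> the one device token allowed a session."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._active = {}  # user_id -> {"token", "issued", "last_seen"}

    def _purge(self, now):
        # Same role as the StructDelete pass: drop entries idle for too long.
        for uid in [u for u, e in self._active.items()
                    if now - e["last_seen"] > IDLE_TIMEOUT]:
            del self._active[uid]

    def login(self, user_id, cookie_token=None):
        """Call after the password check. Returns (allowed, token_for_cookie)."""
        now = self._clock()
        self._purge(now)
        entry = self._active.get(user_id)
        if entry is not None:
            if not _same(entry["token"], cookie_token):
                return False, None           # live session on another machine
            if now - entry["issued"] <= COOKIE_MAX_AGE:
                entry["last_seen"] = now     # browser closed and reopened
                return True, entry["token"]
        # No live entry, or the cookie is too old: issue a fresh token.
        token = secrets.token_urlsafe(32)
        self._active[user_id] = {"token": token, "issued": now, "last_seen": now}
        return True, token

    def touch(self, user_id, cookie_token):
        """Call on every request; False means the session is no longer valid."""
        now = self._clock()
        self._purge(now)
        entry = self._active.get(user_id)
        if entry is None or not _same(entry["token"], cookie_token):
            return False
        entry["last_seen"] = now
        return True

    def logout(self, user_id, cookie_token):
        if self.touch(user_id, cookie_token):
            del self._active[user_id]
```

The token returned by `login` is what goes into the cookie, which should be set with the HttpOnly and Secure attributes.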
