DevForce 2010: How To: LoginManager enable single session per login

Print Page | Close Window

How To: LoginManager enable single session per login

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3277
Printed Date: 16-Apr-2024 at 2:10am

Topic: How To: LoginManager enable single session per login

Posted By: Chrizy
Subject: How To: LoginManager enable single session per login
Date Posted: 21-Feb-2012 at 7:02am

Hi,

Please can you advise on how best to solve the following requirement?

I have created a custom LoginManager which is validating the users credentials against my database, I need to restrict access to only one session per user (Users are paying on a per user license). The way I think this should work is ideally to warn the user they are already logged in, offer a continue/exit option and if they continue logout the initial instance.

Thanks

Chris

Replies:

Posted By: kimj
Date Posted: 21-Feb-2012 at 12:36pm

Hi Chris,

DevForce itself doesn't provide this, but you should be able to do what you need within your custom IEntityLoginManager. An instance of your login manager is constructed by an EntityServer when it starts, so you can keep your own state for the lifetime of the EntityServer. Since a login manager implements both Login and Logout methods you can add and remove the user from your own list or dictionary, and check this to restrict access. The only real way to fail a login is to throw a LoginException (or a custom sub-type of it), but what you throw in your login manager will flow back to your client application.

Posted By: katit
Date Posted: 21-Feb-2012 at 1:07pm

If we talk Silverlight - I don't think users will ever "logout". They will close browser most likely.

Posted By: kimj
Date Posted: 21-Feb-2012 at 1:18pm

OK. Well, you can hook into the window OnBeforeUnload event and call Logout there. Unfortunately, it's not really clear whether requests to the server will always make it through. A timer would help, but then you'll also need to track user activity so that you know when a session has gone stale.

Here's some info on hooking into the window unload: http://mark.mymonster.nl/2009/02/28/integration-of-browsers-unloading-with-silverlight/ - http://mark.mymonster.nl/2009/02/28/integration-of-browsers-unloading-with-silverlight/

Posted By: katit
Date Posted: 23-Feb-2012 at 9:38am

I've seen that before and I think one of the best ways to handle this stuff (I'm about to do it myself) it to keep some kind of token on a server and remove it when same user logs in. That will kick out previous user - this can be done with push notifications to OTHER users.

It will work like so:

Person1 logs in as "User1" and writes tag "Person1:User1"

Person 2 comes along and logs in as "User1" - while logging in - it will detect that Person1:User1 already logged in and will kick him out by sending push notification. Person1 in fact may be out already, but if not - he will get notification that someone with same login just connected and he is being pushed out.

This kind of stuff will be obvious for users and they will buy licenses if that is a main point :)

Print Page | Close Window