At the same time, one account can only use two different ideas. First, after the user logs in, the system saves the information already logged in. The next identical account requires login, and the user is rejected. The other is the user login. System. If the account already logs in before, kick out the previous user. Both methods can reach a account only one user use, but there is a problem with the former is: If the user is stolen by others, which is normal Users cannot log in to the system. The last idea will rob.
The user is really metamorphosis. For security, the network card binding, IP binding, https, he also requires one account only by one person. I always do not to determine if I have used his account in each page!
ASP.NET has an EventHandle is prerequestHandleRexecute, well, we are in this event whether the user has been logged in by others, if so, turn to the prompt page.
// Current session exists
IF (System.Web.httpContext.current.Session! = NULL)
{
// Do not log in
IF (System.Web.httpContext.current.Session ["userid"]! = null)
{
/ / Get the sessionID of the user login, set in the login page, and determine if the two IDs are the same, and then someone will log in with your account.
IF (Application ["session" system.Web.httpContext.current.Session ["userid"]. Tostring ()]. Tostring ()! = system.Web.httpContext.current.Session.SessionID)
{
Response.Redirect ("/ OtherOnElogin.html", TRUE);
}
}
}
// In initialization Global Hook
Public global ()
{
This.PrequestHandleRexecute = new system.eventhandler (this.global_prerequesthandlerexecute);
}
// Code set when logging in
Application.lock ();
Application ["session" session ["userid"]. TOSTRING ()] = session.SessionID;
Application.unlock ();
