Hi, I am building an ERP solution as a C# (2.0) Windows application with a SQL 2005 database. The networked application communicates through the database. I used the normal technique for user login and logout, keeping a status bit. My problem is that when my application is interrupted for any other reason, the user status might not change. That will cause the user to be unable to log in the next time. How can I solve this problem? Could you suggest any new technique for user manipulation?
If your intent is to disallow sharing one username across different computers, then after a login with a valid password, record a unique token for that computer: staff.last_logged_at = @unique_token. On logout, set staff.last_logged_at = ''. That way, even if the computer is interrupted (by a virus, a program crash, accidentally pressing the computer's reset button, etc., so that last_logged_at was not reset), the user can still log in; just check whether the token of the computer the user is currently logging in from is the same as last_logged_at. If it is the same, the login can proceed.
If some user tries to log in using the username of another user, just check whether the machine token of that user's computer is the same as the other user's last_logged_at. If it is not equal, disallow logging in; it means two users share the same password.
Now the scenario if the computer crashes really hard (processor melts, hard disk crash, OS needs reinstalling, etc). User must be allowed to use other computers. Make an administrative module that can reset the last_logged_at of the user.
For @unique_token, just use anything that is unique and permanent on a computer, let's say the MAC address, or a hash of anything in the OS settings.
pseudo code:
Logging In:
if (select count(*) from staff where staff_name = @staff_name and password = correct and (last_logged_at = '' or last_logged_at = @unique_token) ) <> 0 then
    -- allow login
    update staff set last_logged_at = @unique_token where staff_name = @staff_name
else if (select count(*) from staff where staff_name = @staff_name and password = correct and last_logged_at <> @unique_token) <> 0 then
    -- disallow login
    throw exception "You cannot use the same user name on two or more computers. Contact the administrator if you have any concerns"
else
    -- disallow login
    throw exception "Wrong password"
end if
Logging Out:
update staff set last_logged_at = '' where staff_name = @staff_name
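How about tracking user logins by maintaining a session for each login? The quick and easy solution is then to offer an option that lets them log in from the "new location" and invalidates the old session. Then, when performing an action, first check whether the session is still valid.
A better implementation is to keep the session alive and specify a timeout (i.e., if the session has existed for x minutes, invalidate it). Then you won't see "ghost logins" from old orphaned connections: they expire automatically.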
There are two common answers here:
- if you try to log in, and are already logged in, offer to break (reset) the existing login
- use a polling/timeout - i.e. have the app call a method every 2 minutes (for example) that updates a "last heard from"; if you haven't heard from somebody in 5 minutes (for example), then clear the flag
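Why limit the number of user logins? In Windows, starting multiple instances of an application is common.
I must admit that I also have a part of my Windows application that allows only one user. To see whether other users are connected, I use something similar to Mark's polling algorithm. There is also an option to force entry.
Updating the lock record every minute or two doesn't take many resources (unless you have thousands of users).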
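The polling/timeout and "break the existing login" approaches from the answers above, as an added example that is not part of the original thread. It uses Python with an in-memory SQLite table in place of the SQL Server database so that it runs stand-alone; the columns session_token and last_heard, the function names and the 300-second limit are assumptions.

```python
import sqlite3

STALE_AFTER = 300  # assumed: seconds without a heartbeat before a login counts as dead


def open_db():
    """Constructed sample schema: one login slot per staff row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (staff_name TEXT PRIMARY KEY,"
               " session_token TEXT NOT NULL DEFAULT '',"
               " last_heard REAL NOT NULL DEFAULT 0)")
    return db


def claim(db, staff_name, token, now, force=False):
    """Call only after the password check has succeeded. A single UPDATE takes
    the slot if it is free, already ours, stale, or the user chose to break the
    existing login (force), so two clients cannot both win a race.
    In production take `now` from the database server clock, not the client."""
    cur = db.execute(
        "UPDATE staff SET session_token = ?, last_heard = ? "
        "WHERE staff_name = ? AND (session_token = '' OR session_token = ? "
        "OR last_heard < ? OR ?)",
        (token, now, staff_name, token, now - STALE_AFTER, int(force)))
    db.commit()
    return cur.rowcount == 1


def heartbeat(db, staff_name, token, now):
    """Call every couple of minutes. False means the slot was taken over or
    reset, so this client must stop and return to the login screen."""
    cur = db.execute(
        "UPDATE staff SET last_heard = ? WHERE staff_name = ? AND session_token = ?",
        (now, staff_name, token))
    db.commit()
    return cur.rowcount == 1


def logout(db, staff_name, token):
    """Release the slot only if this client still owns it."""
    db.execute("UPDATE staff SET session_token = '', last_heard = 0 "
               "WHERE staff_name = ? AND session_token = ?", (staff_name, token))
    db.commit()
```

A crashed client never needs an administrator: its slot becomes claimable once the heartbeat is older than the limit, and a client whose heartbeat returns False knows it has been replaced.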