[dba-VB] ASP.NET 2.0: Forms Authentication: how to prevent using the same login *second* time fr

Gustav Brock Gustav at cactus.dk
Tue Dec 18 10:20:54 CST 2007


Hi Shamil

Those were my thoughts and conclusion.
And it does have that complication. However, at _any_ time the user can "pull the plug" - in many ways with or without intention. I think that's the programmer's nightmare all the time to consider "what happens at this point if the user session is killed?". The user may lose data typed in, but the app should not crash and stored data should not get corrupted.

Further, you cannot educate users to always logout clicking a button. As the good guy I am I always try to do so, but in Hotmail you are redirected to msn.com which I hate, thus I always close a Hotmail session by clicking the close button of the window, and most users will do as well, as they forget or don't understand why not to do so.

Also, your client must be really nice and patient! Keeping a user logged out for about 20 minutes if something happens will not raise popularity among users. Again, users are impatient and will not understand why they cannot just log in again.

/gustav

>>> shamil at users.mns.ru 18-12-2007 16:52 >>>

<snip>

...the most user-friendly looks like to "kill" existing session when a login
with the same FormsAuthentication credentials happens - this should be a
rare occasion after all and this will not force users to wait until session
time-out expires...

...the only complication for the latter approach is that Web application
keeping some state information should be ready to be "killed" any time - I
mean when they get "killed" they shouldn't leave the system and back-end
database in inconsistent state - the "killer" should be able to "catch-on"
on the session it "kills"...

...yes, I know web applications should be better programmed completely
stateless - trying to achieve that here but not yet there - have to convince
customer to change the ways they usually work with desktop apps - I mean to
not expect the same "stateful" behavior from Web apps because "it's all two
blades sword" - you gain in one feature/functionality/usability issue - you
lose in another...

</snip>
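
The "latest login wins" approach discussed in this thread, as an added example that is not part of the original posts: a new login replaces the user's session token, and the older session is rejected on its next request instead of the user waiting for a time-out. `SingleSessionRegistry` and its members are hypothetical names; the sketch assumes a single worker process (in-memory state) and that the application carries the token with the Forms Authentication session and checks it on each request.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: one live session per user name, latest login wins.
public static class SingleSessionRegistry
{
    private static readonly object Gate = new object();
    // user name -> token of the only session currently allowed for that user
    private static readonly Dictionary<string, string> Current =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // Call after the credentials have been verified. Returns the new token;
    // displacedToken is the session just "killed" (null if none), so the
    // caller can roll back or take over whatever state that session held.
    public static string Register(string userName, out string displacedToken)
    {
        byte[] raw = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        lock (Gate)
        {
            Current.TryGetValue(userName, out displacedToken);
            Current[userName] = token;
        }
        return token;
    }

    // Call on every request with the token that session carries.
    // False means a newer login replaced it: sign out and show the login page.
    public static bool IsCurrent(string userName, string token)
    {
        lock (Gate)
        {
            string live;
            return Current.TryGetValue(userName, out live)
                && string.Equals(live, token, StringComparison.Ordinal);
        }
    }

    // Explicit logout. Only the live session may remove the entry, so a
    // killed session that logs out late cannot end the newer one.
    public static void Release(string userName, string token)
    {
        lock (Gate)
        {
            if (IsCurrent(userName, token)) Current.Remove(userName);
        }
    }
}
```

A user who closes the browser window without logging out simply leaves a stale entry behind, and the next `Register` call for that user name replaces it. In a web farm the dictionary would have to live in a shared store such as the back-end database.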
