Restrict users login instances

[olu]

Hello Everyone,
    Got a web application that allows users to login from a computer, and a webservice that allows users to login using a mobile app. I need to find a way to restrict user login on computer to one and also only allow one mobile app login from the same user and user can only login on one registered device. Please any advice on how to do this would be appreciated.

Thanks

[kevin plummer]

Hi Olu,

the challenge is knowing when the user logs out but by using cookies on the device you could detect if the same login was being used on 2 different devices at the same time. Your idea of limiting the user to registered devices makes this a bit easier by again setting a cookie but that would be tied to a browser so that could be a bit restrictive to some users. If you went down this road I would add an easy way for the user to swap the registered browser\device without contacting admin.

HTH's,

kevin

[olu]

Thanks kevin, But is it not possible to get a app device to send a unique identifier like the device serial number which i can now store on file and always check at login?
 

[kevin plummer]

Harder than you think...


http://stackoverflow.com/questions/216542/how-do-i-uniquely-identify-computers-visiting-my-web-site

[olu]

Thanks Kevin, what i might do is get the app company to supply a unique ID for each device that way, i get them to do the worrying about sorting it out.And only worry about allowing only one instance of the user logged in.
 

[Robert Iliuta]

Hallo Olu,


I do something similar just that I restrict user to 1 login/session...doesn't matter is mobile or desktop. Maybe I will let them also both (mobile and desktop)...but I don't see the reason.... When they login I check the incoming parameter to see if they come from a mobile or desktop and then I story in a table. (UserOnline). The problem is when they close the browser without to press logout button...well this way they need to wait until the session will expire automatically. (in my case is 17m)

This is the code to detect if they come from a mobile...

      IF INSTRING('Mobile',CLIP(p_web.RequestData.DataString),1,1) OR INSTRING('Android',CLIP(p_web.RequestData.DataString),1,1)
         AUTI:OnlineMobile = 1
       ELSE ! they come from a desktop
         AUTI:OnlineMobile = 2
      END

The code works ok and so far it's perfect for me. (I just do this for statistics)
Maybe you can modified the code and fetch to see if user is already connected to a desktop or a mobile, if connected then show a warning message if not then let him connect...

Hope this help you.

Regards,
Robert



[attachment deleted by admin]

[olu]

Thanks Robert, I will give it a go.