I'm trying to get the current logged (in my app) user in every winform of my app, but I don't know how to differentiate between multiple logged users in the app.
I have an ActiveUsers SQL Table with SessionID and UserID to identify a single user.
Also how can I close the session (delete the userid from the ActiveUsers table) if the app is terminated abnormally?
Any help?
Edit: The app is composed of several winforms and is intended to run in multiple Pcs at the same time. Users are created in the application and stored in SC_User table with UserID as PK. The ActiveUsers table has UserID as FK and SessionID as PK. What i want is to get the UserID of the user using the applicattion in any winform and use it to for example change the app language preference of the that user. For a single user i insert the UserID in the ActiveUsers when login and delete when logoff.
Keeping application-wide data is quite easy. All you have to do is add either a static (shared in vb.net) class or a singleton class to your project and store the application-wide data there. (Extra read: differences between singleton and static)
As for the second question, You don't really have a way to know if the client is closed without proper logout. What you do in these cases is implement a keep-alive mechanism.
A simple implementation would be to add another column to your session table to keep track off the time stamp when the logged in user was last active (usually a timer inside that static/singleton class will be in charge of updating this column every x time, and once the difference between this column and the current datetime is big enough, you can safely assume that the application is closed without proper logout.
You can even run a scheduled job on your sql server to delete the records on the session table where the application is closed without proper logout if you want to.
Related
Note: This is likely a duplicate question but I couldn't search for a solution/suggestion for my use case, so if anyone can re-direct me, that would be appreciated.
Problem: I have a NextJS application that runs on Prisma ORM and MySQL database. I am using NextAuth for OAuth authentication for sign up and log in.
So far the application works just fine but I want to check whether a user is logging in for the first time and redirect them to a set up page whether they would input personal details in order to populate a table on the database, so that the app can form a dynamic page based on their newly added information.
On the database, there are the user table (populated by NextAuth immediately at login) and the profile table.
Under NextAuth, the user table is populated automatically with the account's user name and email etc. However, that is not a unique entry and NextJS getStaticPath requires a unique entry to generate a dynamic page. That's why I have created the profile table to allow users to add their custom username where the dynamic URL will be generated (e.g. localhost:3000/u/[slug])
Here's my question - I want to check that the user is first time logging in and send a form for them to fill out the necessary information to input data onto the profile table, otherwise they would go straight to their profile homepage. What is the best way to check that and to redirect them to that form page?
Do I do it at server side with getServerSideProps by checking that the id from user table is missing from the profile table and do a redirect? Or is there some method that's customarily used to implement this "initial set-up" procedure?
I need to do the following tasks in CakePHP 3:
Logout users manually
Limit the number of sessions to one per user
I'm using database sessions to accomplish that. Is it possible to save additional data in sessions table? If yes, could you give me an example please?
The session database model is a cake model like all the other models, which means you can interact with it, in the same way, by adding new columns to that table and/or deleting sessions if needed. Use the model object to update delete entities in that table (I assume you're talking about cakephp 3.x)
Limiting the number of sessions to one per user can be tricky as sessions are created even if a user is not logged in. So you will have "user-less" sessions in your database as well.
Suggested way to tackle this
When a user logs in, get the current session ID and find the row in the session table that needs to be updated to include the username
At this time you may also want to delete the other rows that have the same user name, effectively destroying all the other sessions for this user.
I'm using the ASPNET Identity tables for my MVC 5 application. Each night we perform "maintenance" on our database. If we modify something under that user, I want to inactivate their current session so that the next action they perform in the web application will kick them back to the login screen. The authentication/authorization already is built into my application using AspNet.Identity. I just need a way to wake it up by setting a flag if it exists.
For example the ASPNETUsers table has an "Inactive" column, but that's too permanent. I'm looking for the "ThisGuyIsLoggedIn" column.
This was close to the same problem, but the answer was to manage it from within MVC, which is not an option.
forcefully log out a specific user among all online users
After playing with some of the columns I realized, you can change the SecurityStamp column which will invalidate the user and cause any authentication to fail. Just don't change it to NULL.
UPDATE AspNetUsers
SET SecurityStamp = NEWID()
WHERE Id = #USER_ID
I would like to share this link, with a full description of how to force user logout.
https://tech.trailmax.info/2015/09/prevent-multiple-logins-in-asp-net-identity/
full project on github:
https://github.com/shaahink/Prevent-Multiple-Login-ASPNETIdentity
If you need to reset the security stamp:
var result = await UserManager.UpdateSecurityStampAsync(user.Id);
It's very nice solution to reset user stamp from admin panel.
I have a C# .net 4.5 website where users select certain data fields and then they get generated and the user can download the data.
There is a new feature management wants me to add that will allow users to select any field even if there are fields that do not go together and when the user submits this job I have to split out the fields and generate however many jobs it takes to create them.
Without having to change my entire back end process I wanted to store the users selections in a data table in memory and when they submit I can loop through the table and submit the jobs accordingly.
What would be the best way to have a data table that will be alive during the entire user session? Should I create it as a session variable? The user can come back and add or remove from it at anytime while on the site.
Thank you
We are using Cakephp framework version 2.0.6
The site is "supposed" to allow an anonymous user to "add to cart."
We are using the session id (using cake's native session class) to store the anonymous user's information in a db table.
When the user goes to checkout, then we want to ask "are you a current member? If so, click yes to login or no to create an account."
ISSUE:
Regardless of what they choose, the user either then has to login, or create a new user/pass (and then login) which is causing cakephp to regenerate a session ID. This is making it impossible in the new session to grab what that user added to the cart when they were anonymous just 5 minutes prior. In other words, the anonymous user's session id changes between when they are anonymous and after they login/create-user, making it impossible to identify their cart post-login.
Is there a way to prevent cakephp from regenerating a session in this scenario, or a better way to accomplish what we are trying to do while still keeping our order flow (ie: anonymous being allow to add to cart, before login/create)?
It is this reason that shopping carts are more often than not stored in Cookies. That way you can easily retrieve the saved information post-authentication.
If you insist on using Sessions to store this data, consider setting your Security.level setting to 'low'. That should prevent CakePHP from regenerating the session ID.