Restrict the same user to login from different machines in satisfying different conditions of network

Question

I have a ASP.Net Web application hosted on a server.

I want to restrict same user to login on different machines over the network connection but with certain conditions to be satisfied.

So I thought of adding three new columns to the User table so that we can track if same user is logged in on same or different machines.

Those columns are like :

• IsLoggedIn : To check if the particular user is already logged in or not.
• SessionID : To check if the same user instance is opened.
• IPAddress : To check if the same user is on same or different PCs.

This should satisfy some of the below conditions, but it fails to satisfy some of them.

Conditions are as follows :

1. Both computers are on the same LAN.
2. Each computer is accessing the application over the internet from different locations.
3. Each computer is accessing the application over the internet from the same location.
4. Some of the application hosted which means that IP address alone is not sufficient to distinguish different computers.
5. Some users just close the browser without logging out. So sessions may not be ended at this situation.

Can anybody suggest how to accomplish all these conditions to satisfy with my application ? Mainly 4th and the 5th .

Thanks in advance.

Answer 1

4. You can use cookies to identify the machines where the user has logged himself. Identifying the computers through hardware keys won't work from what I know as it would be a security issue. More ideas oin this: How to uniquely identify the client machine in an ASP.NET application?

5. You can, for example, let the user login on a new machine and at that point close his existing sessions if any. Or even pop up a question like do you want to close all other sessions?