1

I am working on an application that allows users to have a profil ...

For security reasons, i want to deny connexion to already connect user, which means if a user is connected from a machine, he can't connect from another one, some people may say cookies and sessions but i'm using an "Application" not a website.

for now, i added a column is the users table in my database called "IsConnected" so before logging in, the Application check if this column is set at 1 or 0 and based on this value allow or deny connexion to this user, it is working, but not perfectly. if the user close the application without disconnecting the column is not set to 0 so the user is always connected.

my hope is that you guys tell me another way for doing thing, because am new to this domain and i need your help.

HABO
  • 15,314
  • 5
  • 39
  • 57
  • Did you add a method to force disconnect on the FormClosing event? – Hambone Jul 29 '14 at 01:34
  • yes, but still not perfect in my mind, is there a session/cookie like using C#, because when i try to search i only get asp.net :/ –  Jul 29 '14 at 01:35
  • There are application settings, but that doesn't sound like it would help you if they try to connect from another machine. For that matter, neither would cookies (notionally). It's a kluge, but have you considered setting up a heartbeat (I'm alive) and a scheduled task to clear dead connections? I'm curious if someone has a more constructive suggestion. – Hambone Jul 29 '14 at 01:40
  • @Hambone thanks for your reply, it don't seems like anyone is unterested, going to search more and more –  Jul 29 '14 at 01:42
  • 1
    Have a look at [Context_Info](http://technet.microsoft.com/en-us/library/ms189252%28v=sql.105%29.aspx). Use a stored procedure when you establish a connection to set the context info for the session and verify that it is unique for all current connections. – HABO Jul 29 '14 at 01:54
  • @HABO i'm using mysql :/ –  Jul 29 '14 at 01:58

1 Answers1

1

I doubt there is any cookies for desktop application, it was made to keep some data in browser, you can keep any data in your application without it.
In database you can store date and time of last user activity along with some device identifier, like maybe mac address. Connected application should refresh that information, for example every hour, and if user was connected two or more hours ago, he is disconnected and can connect again from different device. He should be able to disconnect explicitly too, but in case application crashed or pc rebooted or who knows what happened it has to disconnect users, which haven't done server activity for some time.

Community
  • 1
  • 1
Atomosk
  • 1,871
  • 2
  • 22
  • 26
  • 1
    good solution, but it won't work for me because the user can open a new session on his mobile after closing the desktop application(shuting down the computer instantanly) then he will need to wait for 1 hour i guess to reconnect frrom mobile –  Jul 29 '14 at 01:49
  • 1
    @reda remove that device id from database on explicit disconnect. Also device id can be generated on server and sent to client and he can store it somewhere on disk, which is more weblike solution, but I think in web we do it because we can't get device id from browser. – Atomosk Jul 29 '14 at 01:58
  • when i said shuting down computer i meant removing the alimentation, then the Application can't contact the Mysql server. i know this is a bit crazy but i need this App to be perfect :) –  Jul 29 '14 at 02:01