asp.net单一登录
asp.net 使用 Application 限制单一登录
原理:用户登录后系统会分配一个与用户唯一对应的SessionID,将当前用户ID与其SessionID对应保存在Application中,一旦该用户在其他地方重复登录则Application中保存的SessionID就会被更新,导致当前session中的SessionID与Application中的SessionID不再一致
用户登录后保存SessionID在Application中
private static void RecordLogin(string strUId) { HttpContext.Current.Application.Lock(); HttpContext.Current.Application["SESSIONID_" + strUId] = HttpContext.Current.Session.SessionID; HttpContext.Current.Application.UnLock(); }
判断方法
public static bool CheckRepeatLogin(string strUId) { object objSessionId = HttpContext.Current.Application["SESSIONID_" + strUId]; if (objSessionId == null || objSessionId.ToString() == "") return false; return objSessionId.ToString() != HttpContext.Current.Session.SessionID; }
aspx页面跳转时判断:添加基类 BasePage.cs
public class BasePage:System.Web.UI.Page { public UserInfo CurUser = null; protected override void OnInitComplete(EventArgs e) { CurUser = CurSession.CurUser; if (CurUser == null) { Response.Redirect(SysHelper.GetVirtualPath() + "pagesessionnull.html", true); } if (LoginService.CheckRepeatLogin(CurUser.UId)) { Response.Redirect(SysHelper.GetVirtualPath() + "pagerepeatlogin.html", true); } base.OnInitComplete(e); } protected override void OnLoadComplete(EventArgs e) { Response.Cache.SetNoStore(); base.OnLoadComplete(e); } }
ashx页面请求时判断:添加基类 BaseHandler.cs
public class BaseHandler : IHttpHandler, IRequiresSessionState { public UserInfo CurUser = null; public HttpContext CurContext = null; public void ProcessRequest(HttpContext context) { context.Response.ContentType = "application/json"; context.Response.Charset = "utf-8"; context.Response.Cache.SetCacheability(HttpCacheability.NoCache); try { CurUser = CurSession.CurUser; CurContext = context; if (CurUser == null) { context.Response.Write(JsonHelper.GetResult(false, "登录超时,请重新登录", new { rcode = -98 })); } else if (LoginService.CheckRepeatLogin(CurUser.UId)) { context.Response.Write(JsonHelper.GetResult(false, "您的帐号在其他地方登录,您已经被踢出,请重新登录", new { rcode = -99 })); } else { context.Response.Write(ActionMethod()); } } catch (Exception ex) { context.Response.Write(JsonHelper.GetResult(ex.Message.ToString())); } finally { context.Response.End(); } } public virtual string ActionMethod() { return JsonHelper.GetResult(); } public bool IsReusable { get { return false; } } }