asp.net单一登录

asp.net 使用 Application 限制单一登录

原理：用户登录后系统会分配一个与用户唯一对应的SessionID，将当前用户ID与其SessionID对应保存在Application中，一旦该用户在其他地方重复登录则Application中保存的SessionID就会被更新，导致当前session中的SessionID与Application中的SessionID不再一致

用户登录后保存SessionID在Application中

private static void RecordLogin(string strUId)
{
    HttpContext.Current.Application.Lock();
    HttpContext.Current.Application["SESSIONID_" + strUId] = HttpContext.Current.Session.SessionID;
    HttpContext.Current.Application.UnLock();
}

判断方法

public static bool CheckRepeatLogin(string strUId)
{
    object objSessionId = HttpContext.Current.Application["SESSIONID_" + strUId];
    if (objSessionId == null || objSessionId.ToString() == "") return false;

    return objSessionId.ToString() != HttpContext.Current.Session.SessionID;
}

aspx页面跳转时判断：添加基类 BasePage.cs

public class BasePage:System.Web.UI.Page
{
    public UserInfo CurUser = null;

    protected override void OnInitComplete(EventArgs e)
    {
        CurUser = CurSession.CurUser;

        if (CurUser == null)
        {
            Response.Redirect(SysHelper.GetVirtualPath() + "pagesessionnull.html", true);
        }

        if (LoginService.CheckRepeatLogin(CurUser.UId))
        {
            Response.Redirect(SysHelper.GetVirtualPath() + "pagerepeatlogin.html", true);
        }

        base.OnInitComplete(e);
    }

    protected override void OnLoadComplete(EventArgs e)
    {
        Response.Cache.SetNoStore();
        base.OnLoadComplete(e);
    }
}

ashx页面请求时判断：添加基类 BaseHandler.cs

public class BaseHandler : IHttpHandler, IRequiresSessionState
{
    public UserInfo CurUser = null;
    public HttpContext CurContext = null;

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "application/json";
        context.Response.Charset = "utf-8";
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

        try
        {
            CurUser = CurSession.CurUser;
            CurContext = context;

            if (CurUser == null)
            {
                context.Response.Write(JsonHelper.GetResult(false, "登录超时，请重新登录", new { rcode = -98 }));
            }
            else if (LoginService.CheckRepeatLogin(CurUser.UId))
            {
                context.Response.Write(JsonHelper.GetResult(false, "您的帐号在其他地方登录，您已经被踢出，请重新登录", new { rcode = -99 }));
            }
            else
            {
                context.Response.Write(ActionMethod());
            }
        }
        catch (Exception ex)
        {
            context.Response.Write(JsonHelper.GetResult(ex.Message.ToString()));
        }
        finally
        {
            context.Response.End();
        }
    }

    public virtual string ActionMethod()
    {
        return JsonHelper.GetResult();
    }
    public bool IsReusable
    {
        get
        {
            return false;
        }
    }
}