After putting my previous article, "Using Cache to Check whether Users Login Repeatedly", into practice and thinking it over, I found that I had overlooked a very important point: the login value is written to the Cache only once, at login. If the Cache expiration time is long, a user who logs out and tries to log in again shortly afterwards finds that they cannot log in. If the expiration time is short, a malicious second login only has to wait that shorter period before it passes the check. Clearly this method of judgment is imperfect.
How can this timing problem be fixed? Set a short expiration interval, then check the Cache at regular intervals and rewrite the user's login information into it. As long as the user has not exited the website or closed the browser, the check stays effective. So, on the web and under ASP.NET, what can conveniently provide a timer? For now, the best choice is undoubtedly the Timer control in ATLAS: you can set whether the timer is started, its interval, and the event to run after each interval.
The improved program is shared below; please refer to the comments in the code:
Front-end page (Default.aspx):
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:ScriptManager ID="ScriptManager1" runat="server" />
        <div>
            <asp:UpdatePanel ID="UpdatePanel1" runat="server">
                <ContentTemplate>
                    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
                    <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Login" />
                    <br />
                    <br />
                    <asp:Label ID="Label1" runat="server" Width="350px"></asp:Label>
                    <asp:Button ID="Button2" runat="server" OnClick="Button2_Click" Text="Clear Cache" />
                    <asp:Timer ID="Timer1" runat="server" Enabled="False" Interval="15000" OnTick="Timer1_Tick">
                    </asp:Timer>
                </ContentTemplate>
            </asp:UpdatePanel>
        </div>
    </form>
</body>
</html>
Code-behind (Default.aspx.cs):
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            // User name
            string sName = TextBox1.Text;
            // Generate the cache key
            string sKey = sName + "_Login";
            // Get the value stored under this key in the Cache
            // (Convert.ToString returns an empty string when the entry is missing)
            string sUser = Convert.ToString(Cache[sKey]);
            // Check whether it exists
            if (sUser == null || sUser == String.Empty)
            {
                Session["username"] = sName;
                // There is no item for this key in the Cache, so the user is not logged in
                // or the earlier login has timed out.
                // TimeSpan represents a time interval; the line below takes the system's session timeout setting.
                // (If the time before a user may log in again should be shorter than the session timeout,
                // this value can be set smaller.)
                //TimeSpan SessTimeOut = new TimeSpan(0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);
                // For demonstration, the Cache entry is kept for 20 seconds here.
                TimeSpan SessTimeOut = new TimeSpan(0, 0, 0, 20, 0);
                HttpContext.Current.Cache.Insert(
                    sKey,
                    sKey,
                    null,
                    DateTime.MaxValue,
                    SessTimeOut,
                    System.Web.Caching.CacheItemPriority.NotRemovable,
                    null
                );
                // Start the Timer
                this.Timer1.Enabled = true;
                // First login: do whatever work is needed here.
                Label1.Text = "Hello! " + sName + ", welcome";
            }
            else
            {
                // The user's record was found in the Cache: already logged in, so a second login is refused.
                Label1.Text = "Sorry, this user is already logged in";
                return;
            }
        }
        catch (System.Exception ex)
        {
            Label1.Text = ex.Message;
        }
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        // User name
        string sName = TextBox1.Text;
        // Generate the cache key
        string sKey = sName + "_Login";
        // For convenience when testing: remove the login information from the Cache
        HttpContext.Current.Cache.Remove(sKey);
        Label1.Text = Session["username"] + ": the user login information has been cleared from Cache!";
    }

    protected void Timer1_Tick(object sender, EventArgs e)
    {
        if (Session["username"] != null)
        {
            // Use the name stored in the Session at login, not the text box,
            // which may have been edited since and would refresh a different user's key.
            string sName = Convert.ToString(Session["username"]);
            // Generate the cache key
            string sKey = sName + "_Login";
            TimeSpan SessTimeOut = new TimeSpan(0, 0, 0, 20, 0);
            // Insert replaces any existing entry, so no separate Remove is needed.
            HttpContext.Current.Cache.Insert(
                sKey,
                sKey,
                null,
                DateTime.MaxValue,
                SessTimeOut,
                System.Web.Caching.CacheItemPriority.NotRemovable,
                null
            );
        }
        else
        {
            this.Timer1.Enabled = false;
        }
    }
}
Sample code: /Files/heekui/WebLogin.rar
Postscript:
1. This method is feasible for detecting repeated logins, but it brings another problem. Because the Timer fires regularly, the Session never expires as long as the user does not exit normally or close the browser. Will this have any negative effects?
2. This method sends requests to the server at regular intervals for every user, which undoubtedly increases the load on the server. If many people are online at the same time, will these requests have a big impact on the server?
Therefore, we can only say that the above is one feasible method; whether it is optimal has not been tested. I don't know if you have any better way.
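The login check and Timer refresh above, reworked as an added example (not the author's code): the Cache entry stores the owning session's ID and is claimed with Cache.Add, so the existence check and the insert are one step and only the owning session can renew or remove the entry. LoginLease and its method names are hypothetical; the example assumes credentials were already verified and that user names are case-insensitive.

```csharp
using System;
using System.Web;
using System.Web.Caching;

// Added example; LoginLease, TryAcquire, Refresh and Release are hypothetical names.
public static class LoginLease
{
    // Same demo value as the article: the entry lapses 20 s after the last access.
    static readonly TimeSpan Lease = TimeSpan.FromSeconds(20);

    static string KeyFor(string userName)
    {
        // Assumption: user names are case-insensitive, so "Alice" and "alice "
        // must not be able to hold two separate entries.
        return userName.Trim().ToLowerInvariant() + "_Login";
    }

    // Call from the login handler once credentials are verified.
    // Returns true when this session holds the login entry for the user.
    public static bool TryAcquire(string userName, string sessionId)
    {
        // Cache.Add never overwrites: it returns null when it stored the value
        // and the existing value otherwise, so two simultaneous logins cannot both win.
        object owner = HttpRuntime.Cache.Add(KeyFor(userName), sessionId, null,
            Cache.NoAbsoluteExpiration, Lease, CacheItemPriority.NotRemovable, null);
        return owner == null || (owner as string) == sessionId;
    }

    // Call from Timer1_Tick with Session["username"] and Session.SessionID.
    // Returns false when the entry belongs to another session.
    public static bool Refresh(string userName, string sessionId)
    {
        // Reading an entry with sliding expiration extends it;
        // if it has already expired, try to claim it again.
        string owner = HttpRuntime.Cache.Get(KeyFor(userName)) as string;
        return owner == null ? TryAcquire(userName, sessionId) : owner == sessionId;
    }

    // Call on logout so the user can log in again immediately.
    public static void Release(string userName, string sessionId)
    {
        string key = KeyFor(userName);
        // Only the owning session may remove the entry.
        if ((HttpRuntime.Cache.Get(key) as string) == sessionId)
            HttpRuntime.Cache.Remove(key);
    }
}
```

Store Session["username"] in the same request that calls TryAcquire: with cookie-based sessions, ASP.NET issues a new SessionID on every request until something is written to the session.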
http://www.cnblogs.com/heekui/archive/2007/01/08/615254.html