0

I have a situation in my application where the users should are not allowed to open multiple instances of the application in a browser. So we are reading the cookies, if there is a session already opened we alerting the user that they are attempting to open multiple sessions.

Some times if the browser crashes for some reason the browser is still having the old cookie and when the user is attempting to open the application again the browser is not allowing the user to login. User has to manually delete the cookie from the browser history. The business doesn't want that process.

FYI I am using angularJS

Found the same question in other post but didn't find an answer I want here

Can someone please help me out with this. Thanks in advance!

I came up with the following code. But when the application crashes the cookie is still sitting in the browser and not allowing the user to login at all. The only workaround for me now is to delete the cookie manually from the browser and login.

var duplicateApp = false; function createCookie(name,value,days) { var expires = ""; if (days) { var date = new Date(); date.setTime(date.getTime() + (days*24*60*60*1000)); expires = "; expires=" + date.toUTCString(); } document.cookie = name + "=" + value + expires + "; path=/"; } function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for(var i=0;i < ca.length;i++) { var c = ca[i]; while (c.charAt(0)==' ') c = c.substring(1,c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length); } return null; } function eraseCookie(name) { createCookie(name,"",-1); } window.onload = function(){ var MyAppCount=readCookie("MyApp"); if (MyAppCount > 0) { duplicateApp = true; alert("You are attempting to open multiple application sessions.\n\nPlease close any existing application from the web browser before restarting the application."); var win = window.open("about:blank", "_self"); win.close(); } else { duplicateApp = false; createCookie("MyApp", 1, 1); window.onunload = function(){ if (duplicateApp == false) eraseCookie("MyApp"); }; } };

Could you please suggest any changes I have to make to restrict the user to open only single instance of the application.

Improve this question
3
  • Generally, if a single session per user is required, a better option is to invalidate the old session when a new one is created, instead of trying to prevent a new session when an old one exists. This would solve the issue of browsers crashing and will make it so a user is never unable to log in. Commented Nov 21, 2017 at 22:06
  • Sounds like a software logic / architecture problem to me. Commented Nov 21, 2017 at 22:35
  • Thank you so much for your suggestions. That makes sense to invalidate the old session instead of preventing a new session. Commented Nov 22, 2017 at 15:01

1 Answer 1

Reset to default
0

I would typically handle this on the login page by creating a new session and invalidating the old one when a user logs in again with the correct credentials.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you so much for your suggestion. That makes sense to invalidate the old session instead of preventing a new session.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.