|
| |
User Groups : Forums : SiteExperts :
All Topics :
The Server
:  |  Login lockout timeout
I am looking for a way to force a lockout when a user fails to authenticate after 3 attempts. I have a script that counts the attempts then redirects them to a denied.asp page. The user is locked out and can't even get through using a different user ID, but if they close and reopen the browser that can try again. I can't use a session variable for this. Our security will not permit it. So I need something that uses a database. Maybe have a time field in the Users table? I would appreciate some ideas and a little sample code.
tia,
mcnewsxpStarted By mcnewsxp on Aug 22, 2011 at 6:56:33 AM
This message has been edited. | | | 2 Response(s) | Reply |
| Earlier Replies | Replies 2 to 2 of 2 | Later Replies | | | bod1467 on Aug 22, 2011 at 7:42:44 AM (# 2) Have a Lockout table that stores:
UserID
Timestamp of last lockout
Lockout active (boolean - On = yes)
When a user tries to login then check their ID against the lockout table - if there's an active Lockout (boolean) in place then bounce them to the denied page.
Also, when ANY user tries to login (or perhaps use a cron task running every X minutes, e.g. 10) then run some garbage collection code that polls the Lockout table to update any active lockouts that have Now-timestamp greater than a specified value (e.g. 4 hours) and set those to Off.
| | Earlier Replies | Replies 2 to 2 of 2 | Later Replies |
To respond to a discussion, you must first logon.
If you are not registered, please register yourself to become a member of the SiteExperts.community.
|
