However, is it possible to prevent two or more people from using the same ID to log in simultaneously? I can attempt to prevent concurrent logins by storing a user’s login status in the database and providing no data to populate a webpage if the login status is active. I may also have a column on the database called Login Duration Allowed which is a number that indicates how long a user can stay logged in and a column called Login Duration wh. The value of allowed login duration can be set by the user and once the user has stayed logged in longer than this number or logged out, the Login Status column in a database table will have the value Idle and the connection duration will be set to zero. When the login status has a value of inactive, users will need to log in again and once they do, the login status will be set to active again and the login time will also start counting again. Not sure if this is adequate security; please advise.
I’m a bit confused as to what you are asking. You say you don’t use a “backend framework” but mention backend languages and frameworks together (PHP is a language, Spring is a framework while something like Codeigniter is a framework built on top of PHP). Do you see how it works?
You write web-based C# code through a framework like ASP.NET that provides you with the bridge of handling an HTTP request through code that was not originally designed to be web-based (C#). A framework can also be a simple set of rules used to standardize, simplify, and secure the code that is written. In exchange, you sacrifice some flexibility to do anything.
Can you write HTML code that submits data to an API endpoint? Sure. How that endpoint then takes the data and processes it is usually based on some sort of framework or language that understands HTTP data and what to do with it. C# needs something like ASP.NET, but PHP was designed to be a web language, so it doesn’t need a framework at all. You can write a standalone PHP script and handle all processing and security of that data.
Regarding your questions related to logins, you usually use something like “sessions”, which keep users isolated from each other. You verify that the user is the correct user by matching their username and password and, if passed, you create a unique session for them which they then use to view material relevant to them uniquely. Again, depending on the technology you’re using, this may or may not be handled by a framework. PHP again manages sessions as a core feature of its language and you don’t need something like Codeigniter or CakePHP to manage sessions for you.
But frameworks are commonly used because they help speed up development, reduce security issues, and simplify the code you write.
Maybe if you let us know what you’re looking to use in terms of technologies, you might be able to get some more focused advice on whether things are possible or not.
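An added example, not part of the thread and not any poster's code: one way to combine the per-user session from the reply with the single-login and login-duration idea from the question is to store the hash of the user's current session token instead of an active/idle flag, so a new login revokes the old session and an idle session expires on its own. The class name, the in-memory dict standing in for the database table, and the 900-second default are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class SingleSessionRegistry:
    """Allows one live session per user; a new login revokes the previous one."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of inactivity allowed (assumed default)
        self.clock = clock                 # injectable so expiry can be tested
        self._active = {}                  # user_id -> (token_hash, last_seen); stands in for a DB table

    @staticmethod
    def _hash(token):
        # Store only a hash so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id):
        """Call only after the password check has passed. Returns a new token."""
        token = secrets.token_urlsafe(32)
        # Overwriting the row revokes any session this user already had.
        self._active[user_id] = (self._hash(token), self.clock())
        return token

    def validate(self, user_id, token):
        """True only if token is the user's current, non-expired session."""
        row = self._active.get(user_id)
        if row is None:
            return False
        token_hash, last_seen = row
        if not hmac.compare_digest(token_hash, self._hash(token)):
            return False                   # superseded or forged token
        if self.clock() - last_seen > self.idle_timeout:
            del self._active[user_id]      # expired: force a fresh login
            return False
        self._active[user_id] = (token_hash, self.clock())  # sliding expiry
        return True

    def logout(self, user_id, token):
        """Ends the session, but only for the holder of the current token."""
        if self.validate(user_id, token):
            del self._active[user_id]
```

Because the stored value is tied to one token, a user who closes the browser without logging out is not locked out: the next successful login simply replaces the stale session.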
I guess you missed where I said I wasn’t using a “full-fledged backend framework”. I also said that I wasn’t using Dotnet MVC which according to Wikipedia started as a programming model and then evolved into a framework. So basically I’m thinking of only using Dotnet’s Web API and not MVC which is a framework, but I guess you can be picky and say this still uses a framework.