logout the previous session for the same user

  • Thread starter Thread starter vincent
  • Start date Start date
V

vincent

Hi,

If i login to the site again (may be in the same pc or
different pc), system must allow me in and end my previous
session.
How do i go about doing this?

This is to ensure that an user can have only one session
at a time.

thanks
Vincent
 
I had to do something similar to this once. I'm not sure if this is the
"best" way to do it but here goes:

On user login I stored the users Session.SessionID and username into a
database. In the Session_End event of Global.asax I added code to delete
the username and session ID from the table. When the user logs in I check
the table to see if there is a current Session entry. If so I gave the user
a message that they had a currently open session and did not allow them to
login until the first session was either closed or timed out.

In your case I see you are looking to end the first session. I'm not sure
exactly how to do this but I would assume there is a way to do so if you
have the Session ID of the Session you would like to end. I'll do some
digging and will post back if I find an answer.

Bryan
 
yeah i store the username and sessionId in the database.
kindly get back to me if you have the answer.
thanks
 
Hello Vincent,

This is fairly easy. You can implement this either as a page filter or as a
method that you elect to call at the beginning of each page.
When you log in, you store the session id and user id in a database. Each
time you navigate from one page to another, you check the
database to see if the session id still matches the value in the db. If
not, you display the message "You've logged in to another computer...
this session has been disconnected." and you reroute the user to the login
page.

It really is that simple. Here's how it works.

Session1: Login -> data is stored in the database (Session 1 User Joe)
Session1: Jump to PageMain
Session1: PageMain checks database. Comparison works (Session 1 = 1, User
Joe = Joe)
Session2: Login -> data is stored in the database (Session 1 User Joe)
Session2: Jump to PageMain
Session2: PageMain checks database. Comparison works (Session 2 = 2, User
Joe = Joe)
Session1: User clicks link on PageMain to PageSomething
Session1: PageSomething checks database. Comparison fails (Session 1 = 2,
User Joe = Joe)
Session1: ends, user redirected to Login page

This works if the user is on the same PC but is logged in as another user,
or if the user is on a different PC. It may not work if the user logs in
twice on the same PC since the session number would be tracked by a cookie,
and the same cookie would be generated for each window. This is the nature
of a browser, and is by design.

If you are not implementing as a page filter, you have to remember to call
your "check the database" routine at the top of every page.

Hope this helps,
--- Nick
 
Hi Nick,

You are telling not allowing the user to login the second
time. But my situation is different. I allow the user the
second time but must logout his previous session.so when
he goes back to his previous session or first opened
browser, he should be kicked out (may be on any request to
the server).

Regards
vincent
 
Back
Top