Hello Vincent,
This is fairly easy. You can implement this either as a page filter or as a
method that you elect to call at the beginning of each page.
When you log in, you store the session id and user id in a database. Each
time you navigate from one page to another, you check the
database to see if the session id still matches the value in the db. If
not, you display the message "You've logged in to another computer...
this session has been disconnected." and you reroute the user to the login
page.
It really is that simple. Here's how it works.
Session1: Login -> data is stored in the database (Session 1 User Joe)
Session1: Jump to PageMain
Session1: PageMain checks database. Comparison works (Session 1 = 1, User
Joe = Joe)
Session2: Login -> data is stored in the database (Session 1 User Joe)
Session2: Jump to PageMain
Session2: PageMain checks database. Comparison works (Session 2 = 2, User
Joe = Joe)
Session1: User clicks link on PageMain to PageSomething
Session1: PageSomething checks database. Comparison fails (Session 1 = 2,
User Joe = Joe)
Session1: ends, user redirected to Login page
This works if the user is on the same PC but is logged in as another user,
or if the user is on a different PC. It may not work if the user logs in
twice on the same PC since the session number would be tracked by a cookie,
and the same cookie would be generated for each window. This is the nature
of a browser, and is by design.
If you are not implementing as a page filter, you have to remember to call
your "check the database" routine at the top of every page.
Hope this helps,
--- Nick