Ending a session

Discussion in 'ASP General' started by Cecil Westerhof, Nov 24, 2004.

  1. Is it possible to end a session a from another session b, if I know the
    SessionID from a?
    Cecil Westerhof, Nov 24, 2004
    #1
    1. Advertising

  2. Cecil Westerhof wrote:
    > Is it possible to end a session a from another session b, if I know
    > the SessionID from a?


    No.

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows [MVP], Nov 24, 2004
    #2
    1. Advertising

  3. Cecil Westerhof

    Patrice Guest

    Not easily. Having the whole picture may yield to better suggestions. Why do
    you want to do that ?

    For example a page could check on each request if it's in the "banned" list
    and terminate then. IMO it's worth if you have a very valid reason to end
    session. If it's for maintenance, it would be likely better to warn users
    beforehand and to disable the site.

    Patrice

    --

    "Cecil Westerhof" <> a écrit dans le message de
    news:uS$...
    > Is it possible to end a session a from another session b, if I know the
    > SessionID from a?
    >
    >
    Patrice, Nov 24, 2004
    #3
  4. "Patrice" <> wrote in message
    news:unTJ$...
    > Not easily. Having the whole picture may yield to better suggestions. Why
    > do
    > you want to do that ?


    Because the way a certain application is built, an user is not allowed to
    login more as once. The problem is that when a browser is closed (or
    crashes), the session will not be terminated. The user can then not login
    anymore untill the session terminates. Because of this, we would like to
    give an admin the possibility to terminate a session.
    Cecil Westerhof, Nov 24, 2004
    #4
  5. Cecil Westerhof

    Patrice Guest

    Another option would be to terminate the previous session when a new one is
    opened. This way in case of a crash a user is able to log again without any
    admin action.

    The downside is that if a second session is opened inadvertentely, this is
    the session for the first user that will be terminated (see if this is a
    problem in your case or if each user is really using its own single login).

    Whatever option you choose, you can't terminate a session from another one.
    The only option I see is to check that the session is valid before
    processing each HTTP request (for example by recording the current SessionID
    for each login allwoing to end a request that would not use the good one).

    Hope this helps.

    Patrice

    --

    "Cecil Westerhof" <> a écrit dans le message de
    news:...
    > "Patrice" <> wrote in message
    > news:unTJ$...
    > > Not easily. Having the whole picture may yield to better suggestions.

    Why
    > > do
    > > you want to do that ?

    >
    > Because the way a certain application is built, an user is not allowed to
    > login more as once. The problem is that when a browser is closed (or
    > crashes), the session will not be terminated. The user can then not login
    > anymore untill the session terminates. Because of this, we would like to
    > give an admin the possibility to terminate a session.
    >
    >
    Patrice, Nov 24, 2004
    #5
  6. "Patrice" <> wrote in message
    news:...
    > Another option would be to terminate the previous session when a new one
    > is
    > opened. This way in case of a crash a user is able to log again without
    > any
    > admin action.
    >
    > The downside is that if a second session is opened inadvertentely, this is
    > the session for the first user that will be terminated (see if this is a
    > problem in your case or if each user is really using its own single
    > login).


    That is the problem. They want to use the same login for severall people. I
    adviced against it, but this 'saves' work. This is way the default should be
    to disallow a login.


    > Whatever option you choose, you can't terminate a session from another
    > one.
    > The only option I see is to check that the session is valid before
    > processing each HTTP request (for example by recording the current
    > SessionID
    > for each login allwoing to end a request that would not use the good one).


    I will do something along those lines then.
    Cecil Westerhof, Nov 24, 2004
    #6
  7. Cecil Westerhof

    WizyDig Guest

    Sounds like bad design pratices. If the logon is tied to a database you
    where you are setting a bit this is a bad idea. You can work around
    this bad design by shortening the session and writing some on session
    end code. That code could automatically reset the logged on bit. The
    problem with this will come when the users complain that they were
    forced to log back on when there machine was only idle for they will
    claim was 2 or 3 minutes. This will be true even if the sesion time out
    is 10 minutes. Good Luck with it but sounds like you or your supervisor
    should have a discussion with the users about what a bad idea sharing a
    logon is.

    Wiz

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    WizyDig, Nov 24, 2004
    #7
  8. Cecil Westerhof

    Mark Schupp Guest

    Keep a flag in a database for each logged in user. If the flag is set do not
    let them log in. When the user logs out clear the flag. Give the
    administrator a function to clear flags for specific users.

    --
    --Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com

    "Cecil Westerhof" <> wrote in message
    news:...
    > "Patrice" <> wrote in message
    > news:unTJ$...
    >> Not easily. Having the whole picture may yield to better suggestions. Why
    >> do
    >> you want to do that ?

    >
    > Because the way a certain application is built, an user is not allowed to
    > login more as once. The problem is that when a browser is closed (or
    > crashes), the session will not be terminated. The user can then not login
    > anymore untill the session terminates. Because of this, we would like to
    > give an admin the possibility to terminate a session.
    >
    >
    Mark Schupp, Nov 24, 2004
    #8
  9. Cecil Westerhof

    Patrice Guest

    Bad karma I'm afraid. Having both a single login for multiple peoples and a
    single session alloweds for each login will lead IMO to a nightmare...
    Are they aware that doing so will mean that from several people, you'll have
    only one able to log in the application at any one time ? You could still
    try to convince them (how about having a single network login for several
    people ?)

    1) It would allow first to have under normal circumstances one login for
    each people and to lighten this problem
    2) Later you could perhaps see if the app could ends this limitation
    allowing sometimes to have several sessions under the same login if they
    really need.

    Good luck.

    Patrice
    --


    --

    "Cecil Westerhof" <> a écrit dans le message de
    news:...
    > "Patrice" <> wrote in message
    > news:...
    > > Another option would be to terminate the previous session when a new one
    > > is
    > > opened. This way in case of a crash a user is able to log again without
    > > any
    > > admin action.
    > >
    > > The downside is that if a second session is opened inadvertentely, this

    is
    > > the session for the first user that will be terminated (see if this is a
    > > problem in your case or if each user is really using its own single
    > > login).

    >
    > That is the problem. They want to use the same login for severall people.

    I
    > adviced against it, but this 'saves' work. This is way the default should

    be
    > to disallow a login.
    >
    >
    > > Whatever option you choose, you can't terminate a session from another
    > > one.
    > > The only option I see is to check that the session is valid before
    > > processing each HTTP request (for example by recording the current
    > > SessionID
    > > for each login allwoing to end a request that would not use the good

    one).
    >
    > I will do something along those lines then.
    >
    >
    Patrice, Nov 24, 2004
    #9
  10. "Cecil Westerhof" <> wrote in message
    news:uS$...
    > Is it possible to end a session a from another session b, if I know the
    > SessionID from a?


    Everyone thanks for there hints.

    I opted for the following solution.

    When a session terminates or an user logs off I set offline on true.
    This does not work always, so I also keep the last access from a session. If
    this is longer ago as the session timeout I set offline on true.
    Also on application start I set all oflines on true.
    This seems to work.

    The only problem is that an user can close its browser. He then has to wait
    on the session time-out.
    Cecil Westerhof, Nov 29, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thomas Bindzau

    Re: ASPNET Session ending before time

    Thomas Bindzau, Jun 24, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,375
    Thomas Bindzau
    Jun 24, 2003
  2. =?Utf-8?B?RG9uYWxkIFNjb3R0?=

    Session ending prematurely - Forms Authentication

    =?Utf-8?B?RG9uYWxkIFNjb3R0?=, Jul 15, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    529
    =?Utf-8?B?RG9uYWxkIFNjb3R0?=
    Jul 20, 2005
  3. Fabio Cavassini

    Session not ending?

    Fabio Cavassini, Jan 18, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    417
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN
    Jan 18, 2006
  4. Mohun Biswas
    Replies:
    2
    Views:
    568
    Mohun Biswas
    Apr 15, 2004
  5. sarav

    ending a session in servlet

    sarav, Mar 19, 2006, in forum: Java
    Replies:
    1
    Views:
    465
    Andrea Desole
    Mar 20, 2006
Loading...

Share This Page