Ending a session


Cecil Westerhof

Is it possible to end a session a from another session b, if I know the
SessionID from a?
 

Patrice

Not easily. Having the whole picture may lead to better suggestions. Why do
you want to do that?

For example, a page could check on each request whether it's in the "banned" list
and terminate then. IMO it's worth it if you have a very valid reason to end
the session. If it's for maintenance, it would likely be better to warn users
beforehand and to disable the site.

Patrice
 

Cecil Westerhof

Patrice said:
Not easily. Having the whole picture may lead to better suggestions. Why do
you want to do that?

Because of the way a certain application is built, a user is not allowed to
log in more than once. The problem is that when a browser is closed (or
crashes), the session will not be terminated. The user then cannot log in
anymore until the session terminates. Because of this, we would like to
give an admin the possibility to terminate a session.
 

Patrice

Another option would be to terminate the previous session when a new one is
opened. This way, in case of a crash, a user is able to log in again without any
admin action.

The downside is that if a second session is opened inadvertently, it is
the first user's session that will be terminated (see if this is a
problem in your case or if each user is really using his own single login).

Whatever option you choose, you can't terminate a session from another one.
The only option I see is to check that the session is valid before
processing each HTTP request (for example by recording the current SessionID
for each login, allowing you to end a request that would not use the right one).

Hope this helps.

Patrice

 

Cecil Westerhof

Patrice said:
Another option would be to terminate the previous session when a new one is
opened. This way, in case of a crash, a user is able to log in again without any
admin action.

The downside is that if a second session is opened inadvertently, it is
the first user's session that will be terminated (see if this is a
problem in your case or if each user is really using his own single login).

That is the problem. They want to use the same login for several people. I
advised against it, but this 'saves' work. This is why the default should be
to disallow a login.

Whatever option you choose, you can't terminate a session from another one.
The only option I see is to check that the session is valid before
processing each HTTP request (for example by recording the current SessionID
for each login, allowing you to end a request that would not use the right one).

I will do something along those lines then.
 

WizyDig

Sounds like bad design practices. If the logon is tied to a database
where you are setting a bit, this is a bad idea. You can work around
this bad design by shortening the session and writing some on-session-end
code. That code could automatically reset the logged-on bit. The
problem with this will come when the users complain that they were
forced to log back on when their machine was only idle for what they will
claim was 2 or 3 minutes. This will be true even if the session timeout
is 10 minutes. Good luck with it, but it sounds like you or your supervisor
should have a discussion with the users about what a bad idea sharing a
logon is.

Wiz
 

Mark Schupp

Keep a flag in a database for each logged in user. If the flag is set do not
let them log in. When the user logs out clear the flag. Give the
administrator a function to clear flags for specific users.
 

Patrice

Bad karma, I'm afraid. Having both a single login for multiple people and a
single session allowed for each login will lead IMO to a nightmare...
Are they aware that doing so will mean that of several people, you'll have
only one able to log in to the application at any one time? You could still
try to convince them (how about having a single network login for several
people?)

1) It would first allow you to have, under normal circumstances, one login for
each person and to lighten this problem
2) Later you could perhaps see if the app could end this limitation,
sometimes allowing several sessions under the same login if they
really need it.

Good luck.

Patrice
 

Cecil Westerhof

Cecil Westerhof said:
Is it possible to end a session a from another session b, if I know the
SessionID from a?

Everyone, thanks for your hints.

I opted for the following solution.

When a session terminates or a user logs off, I set offline to true.
This does not always work, so I also keep the last access from a session. If
this is longer ago than the session timeout, I set offline to true.
Also on application start I set all offlines to true.
This seems to work.

The only problem is that a user can close his browser. He then has to wait
for the session timeout.
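
Added example, not part of the original thread: a framework-neutral Python sketch of the approach the thread converges on, combining the per-request SessionID check, the last-access timeout, the reset on application start, and the admin reset. `LoginRegistry`, `SESSION_TIMEOUT` and the method names are hypothetical, and the in-memory dict stands in for the database flag table.

```python
import hmac
import secrets
import time

SESSION_TIMEOUT = 600  # seconds; assumed value, use the application's real session timeout


class LoginRegistry:
    """One active session per login, tracked server-side (in memory for the demo)."""

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.monotonic):
        # Starting empty is the "set everything offline on application start" step.
        self._active = {}  # login -> (session_id, last_access)
        self._timeout = timeout
        self._clock = clock

    def _expire(self, login):
        entry = self._active.get(login)
        if entry and self._clock() - entry[1] > self._timeout:
            del self._active[login]  # stale: browser was closed or crashed

    def login(self, login):
        """Return a new session id, or None if the login is already in use."""
        self._expire(login)
        if login in self._active:
            return None
        session_id = secrets.token_urlsafe(32)
        self._active[login] = (session_id, self._clock())
        return session_id

    def check_request(self, login, session_id):
        """Call before processing each request; False means reject and force re-login."""
        self._expire(login)
        entry = self._active.get(login)
        if entry is None or not hmac.compare_digest(entry[0].encode(), session_id.encode()):
            return False
        self._active[login] = (session_id, self._clock())  # refresh last access
        return True

    def logout(self, login, session_id):
        if self.check_request(login, session_id):
            del self._active[login]

    def admin_terminate(self, login):
        """Admin action: the old session fails its next check_request."""
        return self._active.pop(login, None) is not None
```

The terminated session is not destroyed from outside; it is rejected the next time it sends a request, which matches the constraint that one session cannot end another directly.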
 
