restrict 1 active session per user

Discussion in 'ASP .Net Security' started by Guest, Feb 1, 2004.

  1. Guest

    Guest Guest

    Well, the best way to do this in my opinion would be to
    follow the rule of "most recent user is the active
    user". This means if I login on one machine, then
    another ... the first session is the one that is cut
    off. If the first session then logs in again the second
    second would then get cutoff. It's a neverending cycle!

    You need to:

    1. When a user logs in through forms auth, store their
    username and ASP session ID in the Application object.
    Make it so that it would overwrite a user with the same
    name if one already existed. You could do this with
    arrays, objects, strings or however but store the
    username and session together so that you can look them
    up later easily.
    1. On each non-logon page, check the the username and
    session ID against what is in the Application object. If
    it's not there with the same username and sessionid,
    SignOut the forms auth and Abandon their session. Then
    redirect then to login.

    Now, the code part depends on VB.Net, C#, etc. but from
    the description above you should have no problem. Anyone
    who can code forms auth can certainly do the above. But
    if you do need help just email.

    >-----Original Message-----
    >Hi,
    >
    >I am using forms authentication. How do I avoid a user

    from logging in from multiple computers simultaneously.
    >
    >When a user logs in, I would like to abandon all other

    active sessions of this user.
    >
    >Thanks,
    >John
    >.
    >
    Guest, Feb 1, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff Smythe
    Replies:
    3
    Views:
    1,230
    Jeff Smythe
    Jan 2, 2004
  2. =?Utf-8?B?S01aX3N0YXRl?=

    Quick one - Is SESSION per browser instance or per IP Address?

    =?Utf-8?B?S01aX3N0YXRl?=, Apr 4, 2006, in forum: ASP .Net
    Replies:
    7
    Views:
    5,864
    gerry
    Apr 10, 2006
  3. Razvan
    Replies:
    1
    Views:
    405
    tony vee
    Sep 10, 2004
  4. Replies:
    5
    Views:
    2,522
  5. Replies:
    0
    Views:
    340
Loading...

Share This Page