locked
Force log-out during concurrent login in ASP.Net 4.0 RRS feed

  • Question

  • User-1106538994 posted

    Hi All,

    How can we achieve to avoid concurrent login of same user in different browser window and enable a force logout of previous session.

    Example: "UserA" logins to my application, I should avoid "UserA" to relogin to the same application.

    In my application, I am creating a session ID for the users login my application and inserting it to DB.

    Insert Into SessionTbl(Session_ID, User_ID) values (123432, 'UserA')

    If the user - "UserA" relogin again my application, how can I send web response to alert user already login in the old session, and open new session for the relogin.

    I want a force-logout in the old session and create new session for the relogin.

    Your ideas will help me a lot.

    Thanks you,

    Jothe Rengarajan

    Tuesday, March 22, 2016 10:50 AM

Answers

  • User-986267747 posted

    Hi Jothe,

    If the user - "UserA" relogin again my application, how can I send web response to alert user already login in the old session, and open new session for the relogin.

    I want a force-logout in the old session and create new session for the relogin.

    According to your description, i suggest that you should save the session id in session or cookie when you creating a session ID for the users login your application, then you could check if the Session_ID is changed for the current user when you send a request to server side every time, if the Session_ID have changed for the current user, you should force the current use using the old session to log out.

    Besides, when the user first login the website, you should check if the Session_ID have exist in your SessionTbl table , if the record have exist, you should get the error message that the user already login the website with the old session. Of course, when the user exits the site normally, we need to clear the record in the SessionTbl table.

    Best Regards,

    Klein zhang

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 23, 2016 3:22 AM

All replies

  • User-286291038 posted

    Hi,

    How about having another column in your table indicating whether the user is logged in or not? You can insert a value of say 1 along with the sessionID. So if the user logs in again in another location, you can check this value to determine if the `user is already logged in somewhere. You need to ensure that whenever the user logs off, to update this value to 0 or something that indicates that this session is not active anymore.

    Tuesday, March 22, 2016 1:39 PM
  • User-1106538994 posted

    Thank you for your response, As per my logic I will delete the Session information inserted for "UserA" once he logs off. So next time when he relogin after he log-out his older session, a new Session detail is inserted with a different random number. 

    I am unable to find a solution, to how to implement a method to send a server response to force-logout of this user in his older session, in the event of when he is trying to relogin without logging out his older session.

    In short, How to send a server response to force-logoff his older session.

    Thank you!!

    Wednesday, March 23, 2016 2:48 AM
  • User-986267747 posted

    Hi Jothe,

    If the user - "UserA" relogin again my application, how can I send web response to alert user already login in the old session, and open new session for the relogin.

    I want a force-logout in the old session and create new session for the relogin.

    According to your description, i suggest that you should save the session id in session or cookie when you creating a session ID for the users login your application, then you could check if the Session_ID is changed for the current user when you send a request to server side every time, if the Session_ID have changed for the current user, you should force the current use using the old session to log out.

    Besides, when the user first login the website, you should check if the Session_ID have exist in your SessionTbl table , if the record have exist, you should get the error message that the user already login the website with the old session. Of course, when the user exits the site normally, we need to clear the record in the SessionTbl table.

    Best Regards,

    Klein zhang

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 23, 2016 3:22 AM