Member Avatar for shankbond

Hi,

I am having a web application, which can be accessed by different users based on their userid's and passwords.

Now I want to prevent users from accessing the application from more than one system.

In order to prevent this I have created a table with three columns as :

userid password flag


with flag having two values (true, false)

true means that user is logged in

false means looged off

session id generated by the server when the session is created

SESSION.SESSIONID gets the id generated on the IIS.

reference: http://msdn.microsoft.com/en-us/library/ms524326.aspx

now how can I delete it?

so that there can be only one user per user id.
In short I want to implement a feature used by gmail where one user can expire or log out all other users on different machines using same user id's.
am I right in achieving the goal?

I don't want to use Asp.net MembershipProvider.


thanks

Shankbond

  • 2 Contributors
  • 2 Replies
  • 174 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by shankbond
Member Avatar for DangerDev

In short I want to implement a feature used by gmail where one user can expire or log out all other users on different machines using same user id's.

you can do this by having a table(say login_detail) in server with column:
UserId, ClientSessionValue

When ever user login, store unique cookie(ClientSessionValue) in browser as well as in login_detail table. so if user is going to login from 3 machine, store his id 3 times against the 3 different ClientSessionValue in data base table.

So when ever user want to logout from a machine, delete one row from login_detail of corresponding ClientSessionValue.

When ever any request will come from client it will come with ClientSessionValue cookie. so if this value is not present against that user means, that user is logged out of that machine.

Now, if user want to expire or log out all other login from different machines, just delete all rows except one row from where delete request has come.

Member Avatar for shankbond

When ever any request will come from client it will come with ClientSessionValue cookie. so if this value is not present against that user means, that user is logged out of that machine.

.

How am I going to delete that client session value?
that is what I am trying to know ?
any help shall be appreciated
thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.