0

I am aware of the mechanism for preventing multiple user logins: In asp.net site how to prevent multiple logins of same user id?. My scenario is different.

On my website, a single page checks if the user is logged in (default .NET membership provider). Once the user is authenticated, the page redirects them to a premium service on a third-party server. This means I can't use the above mechanism to check on each page the current session ID against a previously stored session ID.

On login, I need to end all previous sessions for the current user. All methods that I came across (e.g. FormsAuthentication.SignOut) only target current user. Is it possible to log out user by membership user name, so no two visitors to the site use the same user name?

Community
  • 1
  • 1
Ian Levy
  • 65
  • 8

1 Answers1

0

You could create a table/custom membership field/static dictionary/etc that tracks a user's current session ID. When the user logs in, set that value to the current ID. Then, in your global.asax handle Application_AuthenticateRequest and check if the current session matches what you have stored. If not, perform the SignOut/redirect.

Jaime Torres
  • 10,365
  • 1
  • 48
  • 56
  • Whon't this prevent the current user from logging in? I need to allow the current user in, and terminate all previous sessions for this user name. – Ian Levy Aug 15 '12 at 18:12
  • Not if on login you were to set the current Id to the authenticated Id. – Jaime Torres Aug 15 '12 at 20:05