By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,490 Members | 1,223 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,490 IT Pros & Developers. It's quick & easy.

Ending a session

P: n/a
Is it possible to end a session a from another session b, if I know the
SessionID from a?
Jul 22 '05 #1
Share this Question
Share on Google+
11 Replies


P: n/a
Cecil Westerhof wrote:
Is it possible to end a session a from another session b, if I know
the SessionID from a?


No.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 22 '05 #2

P: n/a
Not easily. Having the whole picture may yield to better suggestions. Why do
you want to do that ?

For example a page could check on each request if it's in the "banned" list
and terminate then. IMO it's worth if you have a very valid reason to end
session. If it's for maintenance, it would be likely better to warn users
beforehand and to disable the site.

Patrice

--

"Cecil Westerhof" <so*****@microsoft.com> a écrit dans le message de
news:uS**************@TK2MSFTNGP14.phx.gbl...
Is it possible to end a session a from another session b, if I know the
SessionID from a?

Jul 22 '05 #3

P: n/a
"Patrice" <no****@nowhere.com> wrote in message
news:un**************@TK2MSFTNGP15.phx.gbl...
Not easily. Having the whole picture may yield to better suggestions. Why
do
you want to do that ?


Because the way a certain application is built, an user is not allowed to
login more as once. The problem is that when a browser is closed (or
crashes), the session will not be terminated. The user can then not login
anymore untill the session terminates. Because of this, we would like to
give an admin the possibility to terminate a session.
Jul 22 '05 #4

P: n/a
Another option would be to terminate the previous session when a new one is
opened. This way in case of a crash a user is able to log again without any
admin action.

The downside is that if a second session is opened inadvertentely, this is
the session for the first user that will be terminated (see if this is a
problem in your case or if each user is really using its own single login).

Whatever option you choose, you can't terminate a session from another one.
The only option I see is to check that the session is valid before
processing each HTTP request (for example by recording the current SessionID
for each login allwoing to end a request that would not use the good one).

Hope this helps.

Patrice

--

"Cecil Westerhof" <so*****@microsoft.com> a écrit dans le message de
news:eF**************@TK2MSFTNGP09.phx.gbl...
"Patrice" <no****@nowhere.com> wrote in message
news:un**************@TK2MSFTNGP15.phx.gbl...
Not easily. Having the whole picture may yield to better suggestions. Why do
you want to do that ?


Because the way a certain application is built, an user is not allowed to
login more as once. The problem is that when a browser is closed (or
crashes), the session will not be terminated. The user can then not login
anymore untill the session terminates. Because of this, we would like to
give an admin the possibility to terminate a session.

Jul 22 '05 #5

P: n/a
"Patrice" <no****@nowhere.com> wrote in message
news:uW**************@TK2MSFTNGP09.phx.gbl...
Another option would be to terminate the previous session when a new one
is
opened. This way in case of a crash a user is able to log again without
any
admin action.

The downside is that if a second session is opened inadvertentely, this is
the session for the first user that will be terminated (see if this is a
problem in your case or if each user is really using its own single
login).
That is the problem. They want to use the same login for severall people. I
adviced against it, but this 'saves' work. This is way the default should be
to disallow a login.

Whatever option you choose, you can't terminate a session from another
one.
The only option I see is to check that the session is valid before
processing each HTTP request (for example by recording the current
SessionID
for each login allwoing to end a request that would not use the good one).


I will do something along those lines then.
Jul 22 '05 #6

P: n/a
Sounds like bad design pratices. If the logon is tied to a database you
where you are setting a bit this is a bad idea. You can work around
this bad design by shortening the session and writing some on session
end code. That code could automatically reset the logged on bit. The
problem with this will come when the users complain that they were
forced to log back on when there machine was only idle for they will
claim was 2 or 3 minutes. This will be true even if the sesion time out
is 10 minutes. Good Luck with it but sounds like you or your supervisor
should have a discussion with the users about what a bad idea sharing a
logon is.

Wiz

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #7

P: n/a
Keep a flag in a database for each logged in user. If the flag is set do not
let them log in. When the user logs out clear the flag. Give the
administrator a function to clear flags for specific users.

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Cecil Westerhof" <so*****@microsoft.com> wrote in message
news:eF**************@TK2MSFTNGP09.phx.gbl...
"Patrice" <no****@nowhere.com> wrote in message
news:un**************@TK2MSFTNGP15.phx.gbl...
Not easily. Having the whole picture may yield to better suggestions. Why
do
you want to do that ?


Because the way a certain application is built, an user is not allowed to
login more as once. The problem is that when a browser is closed (or
crashes), the session will not be terminated. The user can then not login
anymore untill the session terminates. Because of this, we would like to
give an admin the possibility to terminate a session.

Jul 22 '05 #8

P: n/a
Bad karma I'm afraid. Having both a single login for multiple peoples and a
single session alloweds for each login will lead IMO to a nightmare...
Are they aware that doing so will mean that from several people, you'll have
only one able to log in the application at any one time ? You could still
try to convince them (how about having a single network login for several
people ?)

1) It would allow first to have under normal circumstances one login for
each people and to lighten this problem
2) Later you could perhaps see if the app could ends this limitation
allowing sometimes to have several sessions under the same login if they
really need.

Good luck.

Patrice
--
--

"Cecil Westerhof" <so*****@microsoft.com> a écrit dans le message de
news:OF*************@TK2MSFTNGP12.phx.gbl...
"Patrice" <no****@nowhere.com> wrote in message
news:uW**************@TK2MSFTNGP09.phx.gbl...
Another option would be to terminate the previous session when a new one
is
opened. This way in case of a crash a user is able to log again without
any
admin action.

The downside is that if a second session is opened inadvertentely, this is the session for the first user that will be terminated (see if this is a
problem in your case or if each user is really using its own single
login).
That is the problem. They want to use the same login for severall people.

I adviced against it, but this 'saves' work. This is way the default should be to disallow a login.

Whatever option you choose, you can't terminate a session from another
one.
The only option I see is to check that the session is valid before
processing each HTTP request (for example by recording the current
SessionID
for each login allwoing to end a request that would not use the good
one).
I will do something along those lines then.

Jul 22 '05 #9

P: n/a
Here's a small problem with having an admin reset the bit. It cost the
company money to have the help desk constantly reseting the bit. It
will make it look like your app was not written well. If this is a
small company with no help desk then i guess it's no big deal to have
someone in the user group be an admin level user that could reset the
bit. Why not trian them to log out properly. In your log out code you
can end the session. If they are not able to get back in because they
forgot to log out properly it will reinforce the need to log out
properly. In large companies they keep stats on which apps have the
most calls and why. Beware of relying on the help desk to solve your
problems it could shorten your stay with the company. I've seen this
happen.

Wiz

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #10

P: n/a
There is no "logout" in HTTP.

They can just close their browser.

Jeff

"WizyDig" <so*****@microsoft.com> wrote in message
news:eK**************@TK2MSFTNGP11.phx.gbl...
Here's a small problem with having an admin reset the bit. It cost the
company money to have the help desk constantly reseting the bit. It
will make it look like your app was not written well. If this is a
small company with no help desk then i guess it's no big deal to have
someone in the user group be an admin level user that could reset the
bit. Why not trian them to log out properly. In your log out code you
can end the session. If they are not able to get back in because they
forgot to log out properly it will reinforce the need to log out
properly. In large companies they keep stats on which apps have the
most calls and why. Beware of relying on the help desk to solve your
problems it could shorten your stay with the company. I've seen this
happen.

Wiz

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #11

P: n/a
"Cecil Westerhof" <so*****@microsoft.com> wrote in message
news:uS**************@TK2MSFTNGP14.phx.gbl...
Is it possible to end a session a from another session b, if I know the
SessionID from a?


Everyone thanks for there hints.

I opted for the following solution.

When a session terminates or an user logs off I set offline on true.
This does not work always, so I also keep the last access from a session. If
this is longer ago as the session timeout I set offline on true.
Also on application start I set all oflines on true.
This seems to work.

The only problem is that an user can close its browser. He then has to wait
on the session time-out.
Jul 22 '05 #12

This discussion thread is closed

Replies have been disabled for this discussion.