469,572 Members | 1,199 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,572 developers. It's quick & easy.

delete session data for other users logged on

jjw
I have a website that requires users to login. We track them by using
sessions. We record the time and date that they login, their session
id, the last page they visited, etc in a database. As as admin, I
would like to be able to login and force a logout of other users logged
in. Is this possible? I have looked online but there doesn't seem to
be any information that addresses this.

Aug 29 '06 #1
5 3839
The only feasible way to do this would be to kick everyone out by restarting
the app and killing all the sessions. Something else to look into is
storing the login status in a database instead of using sessions.

Ray at work

"jjw" <bi*********@gmail.comwrote in message
news:11**********************@74g2000cwt.googlegro ups.com...
>I have a website that requires users to login. We track them by using
sessions. We record the time and date that they login, their session
id, the last page they visited, etc in a database. As as admin, I
would like to be able to login and force a logout of other users logged
in. Is this possible? I have looked online but there doesn't seem to
be any information that addresses this.

Aug 29 '06 #2
jjw
ok, thanks a lot for your reply

jjw

Ray Costanzo [MVP] wrote:
The only feasible way to do this would be to kick everyone out by restarting
the app and killing all the sessions. Something else to look into is
storing the login status in a database instead of using sessions.

Ray at work

"jjw" <bi*********@gmail.comwrote in message
news:11**********************@74g2000cwt.googlegro ups.com...
I have a website that requires users to login. We track them by using
sessions. We record the time and date that they login, their session
id, the last page they visited, etc in a database. As as admin, I
would like to be able to login and force a logout of other users logged
in. Is this possible? I have looked online but there doesn't seem to
be any information that addresses this.
Aug 29 '06 #3
Ray Costanzo [MVP] wrote on 29 aug 2006 in
microsoft.public.inetserver.asp.general:
The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.
Start each user page with:
if application("killAll") = "do" then session.abandon:response.end

kill.asp [only with password]:
application("killAll") = "do"

unkill.asp [when used after the session timeout time]:
application("killAll") = "notSo"

Would this work?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Aug 29 '06 #4
jjw

Evertjan. wrote:
Ray Costanzo [MVP] wrote on 29 aug 2006 in
microsoft.public.inetserver.asp.general:
The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.

Start each user page with:
if application("killAll") = "do" then session.abandon:response.end

kill.asp [only with password]:
application("killAll") = "do"

unkill.asp [when used after the session timeout time]:
application("killAll") = "notSo"

Would this work?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
thanks for your reply. that would work, and I kinda thought of
something like that, but your way implements it a bit better. anyway,
the only bad part is I'd have to add it to each and every page, but
that's probably what I'll be doing.

Aug 30 '06 #5
jjw wrote on 31 aug 2006 in microsoft.public.inetserver.asp.general:
>
Evertjan. wrote:
>Ray Costanzo [MVP] wrote on 29 aug 2006 in
microsoft.public.inetserver.asp.general:
The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.

Start each user page with:
if application("killAll") = "do" then session.abandon:response.end

kill.asp [only with password]:
application("killAll") = "do"

unkill.asp [when used after the session timeout time]:
application("killAll") = "notSo"

Would this work?

thanks for your reply. that would work, and I kinda thought of
something like that, but your way implements it a bit better. anyway,
the only bad part is I'd have to add it to each and every page, but
that's probably what I'll be doing.
There is a minor(!) problem with this:

If a user "refreshes" the session by calling a non-asp file,
like .jpg, .pdf, .html, repeatedly, I suppose that session could
be left intact when running unkill after 20 minutes.

If this flaw bothers you,
perhaps you would have to use an incrementing "killLevel" number:

Start each user page with:

if session("killall") = "" then
session("killall") = application("killAll")
end if
if application("killAll") session("killall") then
session.abandon
response.end
end if

This will set to self-kill all sessions
that are "old" when you increase this killall level with:

kill.asp [only with password]:

application("killAll") = application("killAll") + 1

and in global.asa application onstart:

application("killall") = 0

[no unkill in this scheme]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Aug 31 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by masoud bayan | last post: by
13 posts views Thread by Sanders Kaufman | last post: by
15 posts views Thread by =?Utf-8?B?QmVuamFtaW4gSmFuZWNrZQ==?= | last post: by
2 posts views Thread by RSH | last post: by
8 posts views Thread by pim | last post: by
9 posts views Thread by Josh | last post: by
16 posts views Thread by Jonathan Wood | last post: by
4 posts views Thread by guiromero | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.