My suggestion would be to keep track of the current sessionID and last page
request time for the user in a datasource record.
In the Authentication_Request event in the Global.asax, if the user is
authenticated you would write the current time and sessionID to the record.
Prior to that in the same event, you would check to see if there is an entry
for the same user that has 1) a different sessionID, and 2) if the
difference between the current time and the last entry is greater than the
timeout period.
If there is a time entry difference that is less than the timeout, and the
sessionID is different, deny the authentication, otherwise let it through
and write the entry with the new time and SessionID.
In the Session_End event, set the time in the datasource record to a date
and time sometime way in the past (1/1/1900 0100 AM) for any record with the
SessionID in that event.
I'm sure there are a number of ways to do it, but I think this would work.
-Darrin
"Kevin Burton" <Ke*********@discussions.microsoft.com> wrote in message
news:14**********************************@microsof t.com...
I am sorry but I need the 101 version of this.
Another use suggested adding code to the Session_End event. This makes
sense
but I don't see the Session_End event in the list of available events to
add
in the Init from HttpApplication.
When you mention a user "hitting" a page do you mean begin request? How do
I
know what the user is at that point? How do I "give out a ticket" in a
hidden
field. I am assuming that this involves modifying the "normal" response
page
generated for the request. Where would be the best place to do this?
From another post I read that the HttpApplication class is pooled and the
HttpModules are created from HttpApplication class as specified in
web.config. Based on this information there doesn't seem to be a global
place
to reliably keep state for the application. Right?
Thank you for your input.
Kevin
"bruce barker" wrote:
there is no reliable way to detect browser close, or if the user just
navigated to another site.
your best option is to use a ticket system. when the user hits a page,
give
out a ticket (in a hidden field) and test for it on postback. allow only
one
active ticket per user. you can also timeout the ticket, and require a
new
login. if the user requests a new page, cancel the old ticket, and assign
a
new ticket. this handles the user closing the browser or navigating away
from yor site, then coming back.
-- bruce (sqlwork.com)
"anoj" <su********@gmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
| Hi All
|
| i need to prevent multiple logins from the same user at the same time.
| what is the best way to do this .
|
| How can i detect if a user closes the browser window without logging
| out so tht his/her id can be removed from the global list maintained
| for the looged in users
|
|
| Kindly help
|
| Regards,
|
| Anoj Kumar
|