> Hello,
I'm coding a web application using ASP.NET 2.0 with forms
authentication.
I don't want the same user to log-in twice.
I need to detect whether the user is trying to log-in while another
session for that user is still active.
Is there a way I can prevent this?
Thanks.
You will need to remember all logins in Application scope. Plus a
Session_End handler that removes the current user from that list
(and also remove that user on logout). Check that list after the
succesful password check.
One problem that's inherent to this: when the user closes his browser
without logging out, he can't log back in until that original
session expires in 20 minutes or so. Be sure to mention that along
with the "you can't login twice" message.
Hans Kesting