Force a logged-in user to log in by not activating his session

Question

Force a logged-in user to log in by not activating his session

I have an ASP.NET MVC application running on IIS7. I use sessions to track registered users. There is a session called IsSignedIn. ("true" means that this user is currently logged in).

I also have an admin page for my application.

Now, say, user1, which is already signed up, should be immediately disconnected from using the service. Therefore, I want to invalidate the session variables set for user1 from my administration page (this will force the user to log in again).

Is there a way that I can access / change session variables set by each registered user on my administration page?

+3

c # asp.net-mvc iis session

xraminx Oct 21 '09 at 18:32

source share

2 answers

? SQL-, , . .

, , , - /.

0

David Lively 21 . '09 18:39

Espo · Accepted Answer · 2009-10-21T18:34:53+0000

You cannot change a session variable from another session.

One way to solve your problem is to save the list of registered users in the Application object, and then change the value in this variable. To do this, you must check at the top of each page that this user is in the list of registered users.

çağdaş , , , , , . - (, )

if(Application["SuspendedUsers"].Contains(Session["UserID"]) {
  Session["IsSignedIn"] = false;
  Application["SuspendedUsers"].Remove(Session["UserID"]);
}

Force a logged-in user to log in by not activating his session

More articles: