All geek questions in one place

In ASP.Net, can I find out if another session exists or is the session id valid?

Is there a way to find out if a session id is valid from an existing request context? In this case, if I am assigned a session identifier, and I am in another session initiated by the Http request, and I am on the page or in some class, can I check this session identifier, if it is valid and currently exists and was not left?

The reason for this is that we need to block the user login process on the page for the project that I am working on so that each user can log in only once. My thought about this was to add the session identifier column to the user table, if it is not valid, they are logged out, and it is installed when they log in and are cleared when they log out or in Session_End in global.asax. However, if for some reason the session was refused without clearing it, I will need to register them again, and in this case, when they log in and it finds the session ID in this column, I think it should somehow then check if this session id is active and valid, if not, it will reset to its new session id and allow them to log in.

thanks

+6
source share
4 answers

You need to save the sessions in the database to find them earlier.
For more information, see HOW: Configure SQL Server to Store ASP.NET Session State

+2
source

The only way I can think of is to do, as Nepertz says, and store your sessions in the database using the SQLServer session provider, that is, you can then use the SQL query to find out what is available.

But there are some caveats:

  • I believe that the session identifier stored in the session database table is not quite the same as the session identifier that you can access from the code. I canโ€™t remember exactly where I read it, but I think I had this problem when I was doing something similar to control all active sessions.
  • The global Session_End event never fires when the SQLServer session provider is used.
  • Unless you explicitly use Session.Abandon() in your code to end a session (for example, when a user logs out), your sessions may freeze until the SQL agent clears all expired sessions. This means that if someone just closed the browser window, then their session will still be displayed as โ€œactiveโ€, which may complicate your implementation.
+1
source

Another option you had / had :-) would be to use WeakReferences:

  • a Dictionary<youruseridtype,WeakReference> is stored at the application level as Application ["mySessionDictionnary"]
  • when you start a session, you save the user ID and WeakReference value for the Session object itself in Dictionnary
  • when the user wants to log in, you check the Dictionnary for your identifier. If there is a non-empty WeakReference function for the Session object, you can Abandon () this existing Session object, ensuring that there is no more than one active session per user.

The WeakReference guarantees that you will not tolerate memory leaks.

NB: this will only work with inProc session management. Since Dictionnary will not survive an application restart, it should be the same for sessions.

Hope you have already found the right answer to your problem; -)

+1
source

There is no direct way to check for SessionId. Parameters:

  • You can implement your own session state provider (or maybe an ID manager will be enough) to open access to this information ( http://msdn.microsoft.com/en-us/library/aa479024.aspx ).
  • Just try to fool by setting a session id cookie based on the id that you think the current user should have and redisplay the page. One second request you can see if this identifier corresponds to the actual state and re-registration, if necessary.

Note. I would not use a session identifier for this purpose, as you will rely on implementation details. Maybe just dropping sessions that don't look last for this user will work. The presence of the "my current session name" property stored in Session["someName"] and in the user database should be enough to reject the rendering of old sessions.

0
source

Source: https://habr.com/ru/post/906969/

More articles:


All Articles