tags:

views:

183

answers:

1
Q: 

Kill ASP .NET user session from admin session

I own a gaming website. From time to time I need to suspend users for different reasons. They cheat or they are bad users with bad intention. After suspending users, they can't login anymore on my site, until the suspend period expire.

However, after suspending an user he still can acces the site, can chat with other users, can create forum posts, can do everyting, that's because he remain logged in on the site. I can't do nothing to this and most of the time I need to restart IIS in order to get rid of bad users.

Is there anyting I can do to kill an user session from my ASP .NET session ? I am against using SQL to store user session variables.

I prefer to check an ASP .NET session/application variable on every user request, and if that variable contain the ID of suspended user, to logged out him immediately.

+2  A: 

You can't acess the session in the way you want. What you could do is keep a list of suspended users in the application cache. On each page request, and each login attempt, you can do a lookup on the list to see if your current user is suspended. If he is, you can then log him out and abandon his session, or prevent the new login.

Ray  2009-12-26 15:24:47
Logins are already prevented. The problem was to logout them immediately (if they are logged in) after suspending them from admin panel. Your idea with Cache variable sounds great to me. This is because Cache is thread safe.
pixel3cs  2009-12-26 15:33:06
This is the correct way to handle this. You have to do a check on each post back to see if they are still a valid user, if not... kick them out.
Clarence Klopfstein  2009-12-26 15:44:35

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps