tags:

views:

37

answers:

1

I've an admin and client site. Multiple users will view at client site at the same time. It is possible that I can force the users logout of my client site from admin site? I'm now using classic ASP and the In Proc session is used. Is there a way where I can kill all the sessions of the users and force them to logout?

A: 

Delete the sessions. Assuming you don't allow unauthenticated users past a certain point, this should kick them back to the login

Andy
Because sessions are stored in their own web server. And I cannot access to their sessions and delete it. Any ideas?
lipkee85
You may want to pose this question to the superuser.com site
AndrewB
Store your sessions in the database your application uses.
Andy
Andy - if I store the sessions in database, I need to do checking for every page refresh to see whether the sessions are still in database or not..it's time consuming..I was thinking of killing the sessions in other machines and force them to logout
lipkee85
Do something like this:http://support.microsoft.com/kb/299987At the beginning of each page you would add a simple check with three lines of code. See the "Add validation code to pages" portion of that link.
Andy
if i'm not wrong, the simple check is the validation code only checks for if the session is blank..but how am i going to clear the session if the session is stored in their own machine? if the session is stored in database, for each page refresh i need to query for the database to check whether the session is still there or not..which is time-consuming
lipkee85
Sessions are stored on the webserver/database. Cookies are stored on the user machine. Additionally, the application is automatically looking up the session in the database (or session file) each time you check it in your application. That is no slower than doing a 'if session("UID")="" ' each page load. You aren't doing a specific query to see if the session exists, just that if statement.
Andy

related questions