tags:

views:

37

answers:

1
Q: 

kill sessions for other machines

I've an admin and client site. Multiple users will view at client site at the same time. It is possible that I can force the users logout of my client site from admin site? I'm now using classic ASP and the In Proc session is used. Is there a way where I can kill all the sessions of the users and force them to logout?

A: 

Delete the sessions. Assuming you don't allow unauthenticated users past a certain point, this should kick them back to the login

Andy  2010-02-23 02:43:44
Because sessions are stored in their own web server. And I cannot access to their sessions and delete it. Any ideas?
lipkee85  2010-02-23 02:58:54
You may want to pose this question to the superuser.com site
AndrewB  2010-02-23 03:10:34
Store your sessions in the database your application uses.
Andy  2010-02-23 03:11:20
Andy - if I store the sessions in database, I need to do checking for every page refresh to see whether the sessions are still in database or not..it's time consuming..I was thinking of killing the sessions in other machines and force them to logout
lipkee85  2010-02-23 04:06:09
Do something like this:http://support.microsoft.com/kb/299987At the beginning of each page you would add a simple check with three lines of code. See the "Add validation code to pages" portion of that link.
Andy  2010-02-23 12:37:03
if i'm not wrong, the simple check is the validation code only checks for if the session is blank..but how am i going to clear the session if the session is stored in their own machine? if the session is stored in database, for each page refresh i need to query for the database to check whether the session is still there or not..which is time-consuming
lipkee85  2010-02-24 03:57:29
Sessions are stored on the webserver/database. Cookies are stored on the user machine. Additionally, the application is automatically looking up the session in the database (or session file) each time you check it in your application. That is no slower than doing a 'if session("UID")="" ' each page load. You aren't doing a specific query to see if the session exists, just that if statement.
Andy  2010-02-24 12:45:12

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?