tags:

views:

44

answers:

3
Q: 

How to destroy a session of another than current user in asp.net

Hello,

I'm using asp.net 4.0 with asp.net MVC 2.0 and the asp.net membership provider.

I need to terminate a the user session before I delete it. Otherwise if the user is still authenticated the next time it will visit a page null reference exceptions will occur when trying to access the user data and profile.

I get the Session.Abandon() method but what I'm looking for is the same on a user, something like user.AbandonSessions().

I realize this question has been asked before but I can't get a straight answer.

Thanks

+1  A: 

You could use a custom membership provider which instead of deleting an account, just deactivates that. You could also have the custom membership provider to lock the account at the same time.

James O'Sullivan  2010-07-19 19:59:10
there is no mention of deleting a user. only ensuring discard of a session.
Sky Sanders  2010-07-19 20:03:34
Actually, code poet, pre63 specifically says "...before I delete it.". Sounds like he's purely concerned with any errors the user might receive after visiting a page while authenticated, but after their account is gone.
Chris  2010-07-19 20:10:47
@code poet: My interpretation of the question: deleting an ASP.NET membership user while that user is logged in from another browser.
Greg  2010-07-19 20:11:41
Sky Sanders  2010-07-19 20:17:22
Chris, you are right. The goal is to destroy the session before deleting the user.
pre63  2010-07-21 02:46:46
+1  A: 

I think you may be tilting at windmills. There are just too many things working against your desired goal.

If you adjust your perspective to embrace the arbitrary nature of a browser based app and instead of trying to eradicate all vestiges of a users state in order to avoid errors, rather take measures to ensure that the required data is present in the session and if not then recreate it or redirect the user to an appropriate location.

In any case, remember that in order to affect any session related action capably, you must force a request cycle to ensure the cookies are properly processed by the browser, but that is beside the point I am trying to make.

Good luck.

Sky Sanders  2010-07-19 20:08:22
In the end my problem is that there are too many pieces of the application that do not validate before they access the session information. So you are correct the problem is not the outstanding session but the week validation of the session before it's accessed.Thanks
pre63  2010-07-21 02:49:05
A: 

FormsAuthentication.SignOut();

But you need to call it in the context of the user you want to sign out.

Greg  2010-07-19 21:03:30

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps