Hi,



I am having a web application, which can be accessed by different users based on their userid's and passwords.



Now I want to prevent users from accessing the application from more than one system.

In order to prevent this I have created a table with three columns as :

userid password flag



with flag having two values (true, false)

true means that user is logged in

false means looged off





session id generated by the server when the session is created

SESSION.SESSIONID gets the id generated on the IIS.

reference: http://msdn.microsoft.com/en-us/library/ms524326.aspx



now how can I delete it?

so that there can be only one user per user id.
In short I want to implement a feature used by gmail where one user can expire or log out all other users on different machines using same user id's.
am I right in achieving the goal?

I don't want to use Asp.net MembershipProvider.



thanks

Shankbond

you can do this by having a table(say login_detail) in server with column:
UserId, ClientSessionValue

When ever user login, store unique cookie(ClientSessionValue) in browser as well as in login_detail table. so if user is going to login from 3 machine, store his id 3 times against the 3 different ClientSessionValue in data base table.

So when ever user want to logout from a machine, delete one row from login_detail of corresponding ClientSessionValue.

When ever any request will come from client it will come with ClientSessionValue cookie. so if this value is not present against that user means, that user is logged out of that machine.

Now, if user want to expire or log out all other login from different machines, just delete all rows except one row from where delete request has come.

How am I going to delete that client session value?
that is what I am trying to know ?
any help shall be appreciated
thanks