I want to implement a code that enables only one session per user. I use asp.net with forms authentication .
I read this post: Limit only one session per user in ASP.NET
but I want to do the opposite, to disconnect all previous sessions.
here is my code:
void Application_Start(object sender, EventArgs e) { Application["UsersLoggedIn"] = new System.Collections.Generic.Dictionary<string, string>(); }
when user logs in, I insert a record : username, sessionID. if the username exists, I just update the sessionID
void Application_BeginRequest(object sender, EventArgs e)
{
System.Collections.Generic.Dictionary<string, string> d = HttpContext.Current.Application["UsersLoggedIn"] as System.Collections.Generic.Dictionary<string, string>;
if (d != null)
{
if (d.Count > 0)
{
string userName = HttpContext.Current.User.Identity.Name;
if (!string.IsNullOrEmpty(userName))
{
if (d.ContainsKey(userName))
{
if (d[userName] != HttpContext.Current.Session.SessionID)
{
FormsAuthentication.SignOut();
Session.Abandon();
}
}
}
}
}
but I get empty HttpContext.Current.User. I tried also "AuthenticatedRequest", but then I get null Session.
any idea please?
如果要访问HttpContext.Current.User和Session,则应使用AcquireRequestState
事件。
如果您处于负载平衡的状态,并且有多台服务器,则需要以某种方式保持这种状态,那么当您需要释放用户锁(终止用户会话或注销)时,就会出现问题。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.