Limit Only One Session Per User In ASP.NET Mvc 4

Question

I am working on one web application in which i want to make sure that website allow only one login per user at a time. when user login i am updating table column islogged=1 when logoff i am updating islogged =0 but the problem is when user session timeout or if user closing browser i am unable to capture this events.i am using sqlserver state to store sessions so Session_End event is not fired in this state . it only works in InProc State. and also in browser close event i have tried onunload event. but this event is fired on tab closed also. not able to differentiate tab close and browser close. i want only one concurrent user login. is there any other way to achieve this.

i am using this code to capture browser close event.

<body class="fixed-top" onclick="clicked=true;" onunload="CheckBrowser()">

    &lt;script type="text/javascript">
        var clicked = false;
       // var xmlHttp
    //    var browser = navigator.appName;

        function CheckBrowser() {
            debugger

            //  var browserClose = isUserClickedCloseButton();
            if (clicked == false) {
                $.ajax({
                    url: "@Url.Content("~/Account/LogOff")",
                    type: 'Post',
                    success: function (data) {

                    },
                    error: function () { alert("Error On Logut..."); }

                });
}

haveyou refered [this](http://www.sharepoint4developers.net/en-nz/post/limit-session-account.aspx) — Manish Goswami, Nov 29 '14 at 08:21
@ManishGoswami i have refered this.but this solution is for asp.net i am using asp.net mvc.. — deepak neo, Nov 29 '14 at 08:30
[this is for MVC](http://stackoverflow.com/questions/15903574/when-the-same-user-id-is-trying-to-log-in-on-multiple-devices-how-do-i-kill-the) my mistake. — Manish Goswami, Nov 29 '14 at 09:15
can i update user login status. by altering DeleteExpiredSessions this store procedure using session id? — deepak neo, Nov 29 '14 at 09:58

score 0 · Answer 1 · answered Nov 29 '14 at 08:59

0

alternatively you can store store session id in DB along with the current loggedin status as true or false. when user hits just check if loggedin flag is true and take the action needed

answered Nov 29 '14 at 08:59

Akshay Randive

384
2
10

i am storing user logged in and out status in database.but what when user close the browser or session timeout. in this cases i need update status as logout in database. how to capture session timeout event in sqlstate mode.? – deepak neo Nov 29 '14 at 09:03
If you are using SqlState server mode then it deletes the expired sessions by itself you wont find an event for this but when user tries other action say navigating to other page you can check if particular session exists im sql [this may help you](http://stackoverflow.com/questions/8723504/delete-session-from-database-after-it-expired) – Akshay Randive Nov 29 '14 at 09:11

score 0 · Answer 2 · edited May 23 '17 at 12:06

0

Please check the below links which has similar Q&A.

Only one concurrent login per user in Asp.net

Only one concurrent login per UserID in Asp.net

edited May 23 '17 at 12:06

Community

1
1

answered Apr 10 '15 at 06:27

Habib Sheikh

139
1
5

I suppose it should be a comment. – Opal Apr 10 '15 at 06:46

Limit Only One Session Per User In ASP.NET Mvc 4

2 Answers2