1

I got two links; one is: https://stackoverflow.com/a/27288275/728750

The above link is saying:

It is possible; Facebook and Gmail have done that, but it is not simple.

Use a flag in the database that checks users on Session_Start and invalidates their session if that flag is set. You may not necessarily use a Boolean; you can use a DateTime value and invalidate all sessions that started prior to that time. This could be done by checking a value stored in a cookie upon login.

What they are trying to say is not clear.

How do I implement this: "you can use a DateTime value and invalidate all sessions that started prior to that time."?

How do I know when the user's session was started?

I got another good link: https://stackoverflow.com/a/5492396/728750

This line is not clear:

authCookie.Expires < logoutTime.Value

How would the above line work? Suppose I log in to the website now, today's date is 01/01/16 and the login expiry date is 07/01/16, and I force a logout on 02/01/16; then how would this expiry date 07/01/16 be less than the force logout date 02/01/16? This is not clear. Can anyone help me implement this? Thanks.

Mirza Sisic
Mou
  • No one knows the answer? – Mou Apr 07 '16 at 19:07
  • Be specific in your question. What is your exact problem and how do you expect to solve it? – Balde Apr 07 '16 at 19:23
  • See my second posted link and tell me how this line is OK: 'authCookie.Expires < logoutTime.Value'? Suppose my website's auth cookie expires after 1 month; then how could the auth cookie expiry time be less than logoutTime? – Mou Apr 07 '16 at 20:23
  • Just share the knowledge, like how to implement this feature, called "logout on all device", for my MVC website. Suppose a user, Keith, logs in to my site from 3 PCs, but when he clicks the log out button he can choose the option called "logout on all device", and after logout, when we open the same site from another PC, the user will find himself logged out there. Now guide me on how to implement this the easy way for an MVC website. If my requirement is still not clear, then let me know. Thanks. – Mou Apr 07 '16 at 20:26
  • This would be a way to achieve it: Set a new cookie when the user logs in and save a reference of the user+cookie in an audit table. Unset this cookie when the user logs out explicitly, and delete the reference of the user+cookie in the audit table. When the user hits "Logout on all devices", delete all references of the user in the audit table. This way, when a user accesses your site, if the cookie does not exist in the request, or exists in the request but not in the database, then ask for user credentials; else if the cookie exists both in the request and the database, log the user in with the credentials stored in the cookie. – Balde Apr 07 '16 at 21:21
  • I have no idea how to store a cookie in the DB... would you discuss? I know a cookie is saved on the client PC only. – Mou Apr 08 '16 at 08:55
  • I mean, not the cookie itself, but an ID identifying the cookie... – Balde Apr 08 '16 at 21:57
  • @Balde it will be possible to discuss what you think with code sample. – Mou Apr 09 '16 at 10:04

0 Answers
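
The DateTime approach quoted in the question, as an added example that is not part of the original thread: a per-user cutoff is stored server-side, and every request compares the ticket's issue time, rather than its expiry, against that cutoff. The `Ticket` and `LogoutAllStore` types, the user names and the dates are constructed stand-ins; in ASP.NET forms authentication the issue time is available as `FormsAuthenticationTicket.IssueDate`.

```csharp
using System;
using System.Collections.Concurrent;

// Constructed stand-in for the decrypted auth ticket. The real ticket must be
// integrity-protected so the client cannot alter IssuedUtc.
public sealed class Ticket
{
    public string UserId { get; }
    public DateTime IssuedUtc { get; }
    public DateTime ExpiresUtc { get; }
    public Ticket(string userId, DateTime issuedUtc, TimeSpan lifetime)
    { UserId = userId; IssuedUtc = issuedUtc; ExpiresUtc = issuedUtc + lifetime; }
}

// Constructed stand-in for a per-user "sessions valid after" column in the database.
public sealed class LogoutAllStore
{
    private readonly ConcurrentDictionary<string, DateTime> _cutoff =
        new ConcurrentDictionary<string, DateTime>();

    public void LogoutEverywhere(string userId, DateTime nowUtc) { _cutoff[userId] = nowUtc; }

    // Call on every authenticated request before trusting the cookie.
    public bool IsValid(Ticket t, DateTime nowUtc)
    {
        if (nowUtc >= t.ExpiresUtc) return false;           // ordinary expiry
        DateTime cutoff;
        bool revoked = _cutoff.TryGetValue(t.UserId, out cutoff) && t.IssuedUtc <= cutoff;
        return !revoked;                                    // issued after the cutoff, or no cutoff set
    }
}

public static class Demo
{
    static DateTime Utc(int day, int hour) { return new DateTime(2016, 1, day, hour, 0, 0, DateTimeKind.Utc); }
    public static void Main()
    {
        var store = new LogoutAllStore();
        var week = TimeSpan.FromDays(7);
        var pc1 = new Ticket("keith", Utc(1, 9), week);      // logged in before the cutoff
        store.LogoutEverywhere("keith", Utc(2, 12));         // "log out on all devices"
        var relogin = new Ticket("keith", Utc(2, 13), week); // fresh login afterwards
        var other = new Ticket("anna", Utc(1, 9), week);     // different user, no cutoff
        DateTime now = Utc(3, 8);
        Console.WriteLine("pc1 valid: " + store.IsValid(pc1, now));
        Console.WriteLine("relogin valid: " + store.IsValid(relogin, now));
        Console.WriteLine("other user valid: " + store.IsValid(other, now));
    }
}
```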