delete session data for other users logged on

**Ray Costanzo [MVP]** · Aug 29 '06, 01:45 PM

Re: delete session data for other users logged on

The only feasible way to do this would be to kick everyone out by restarting
the app and killing all the sessions. Something else to look into is
storing the login status in a database instead of using sessions.

Ray at work

"jjw" <bigwheels16@gm ail.comwrote in message
news:1156838368 .769389.101680@ 74g2000cwt.goog legroups.com...

>I have a website that requires users to login. We track them by using
sessions. We record the time and date that they login, their session
id, the last page they visited, etc in a database. As as admin, I
would like to be able to login and force a logout of other users logged
in. Is this possible? I have looked online but there doesn't seem to
be any information that addresses this.
>

**jjw** · Aug 29 '06, 08:25 PM

Re: delete session data for other users logged on

ok, thanks a lot for your reply

jjw

Ray Costanzo [MVP] wrote:

The only feasible way to do this would be to kick everyone out by restarting
the app and killing all the sessions. Something else to look into is
storing the login status in a database instead of using sessions.
>
Ray at work
>
"jjw" <bigwheels16@gm ail.comwrote in message
news:1156838368 .769389.101680@ 74g2000cwt.goog legroups.com...

I have a website that requires users to login. We track them by using
sessions. We record the time and date that they login, their session
id, the last page they visited, etc in a database. As as admin, I
would like to be able to login and force a logout of other users logged
in. Is this possible? I have looked online but there doesn't seem to
be any information that addresses this.

**Evertjan.** · Aug 29 '06, 10:35 PM

Re: delete session data for other users logged on

Ray Costanzo [MVP] wrote on 29 aug 2006 in
microsoft.publi c.inetserver.as p.general:

The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.

Start each user page with:
if application("ki llAll") = "do" then session.abandon :response.end

kill.asp [only with password]:
application("ki llAll") = "do"

unkill.asp [when used after the session timeout time]:
application("ki llAll") = "notSo"

Would this work?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

**jjw** · Aug 30 '06, 11:15 PM

Re: delete session data for other users logged on

Evertjan. wrote:

Ray Costanzo [MVP] wrote on 29 aug 2006 in
microsoft.publi c.inetserver.as p.general:
>

The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.

>
Start each user page with:
if application("ki llAll") = "do" then session.abandon :response.end
>
kill.asp [only with password]:
application("ki llAll") = "do"
>
unkill.asp [when used after the session timeout time]:
application("ki llAll") = "notSo"
>
Would this work?
>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

thanks for your reply. that would work, and I kinda thought of
something like that, but your way implements it a bit better. anyway,
the only bad part is I'd have to add it to each and every page, but
that's probably what I'll be doing.

**Evertjan.** · Aug 31 '06, 07:45 AM

Re: delete session data for other users logged on

jjw wrote on 31 aug 2006 in microsoft.publi c.inetserver.as p.general:

>
Evertjan. wrote:

>Ray Costanzo [MVP] wrote on 29 aug 2006 in
>microsoft.publ ic.inetserver.a sp.general:
>>

The only feasible way to do this would be to kick everyone out by
restarting the app and killing all the sessions. Something else to
look into is storing the login status in a database instead of using
sessions.

>>
>Start each user page with:
>if application("ki llAll") = "do" then session.abandon :response.end
>>
>kill.asp [only with password]:
>application("k illAll") = "do"
>>
>unkill.asp [when used after the session timeout time]:
>application("k illAll") = "notSo"
>>
>Would this work?
>>

>
thanks for your reply. that would work, and I kinda thought of
something like that, but your way implements it a bit better. anyway,
the only bad part is I'd have to add it to each and every page, but
that's probably what I'll be doing.

There is a minor(!) problem with this:

If a user "refreshes" the session by calling a non-asp file,
like .jpg, .pdf, .html, repeatedly, I suppose that session could
be left intact when running unkill after 20 minutes.

If this flaw bothers you,
perhaps you would have to use an incrementing "killLevel" number:

Start each user page with:

if session("killal l") = "" then
session("killal l") = application("ki llAll")
end if
if application("ki llAll") session("killal l") then
session.abandon
response.end
end if

This will set to self-kill all sessions
that are "old" when you increase this killall level with:

kill.asp [only with password]:

application("ki llAll") = application("ki llAll") + 1

and in global.asa application onstart:

application("ki llall") = 0

[no unkill in this scheme]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

delete session data for other users logged on

delete session data for other users logged on

Comment

Comment

Comment

Comment

Comment