«

Well, the best way to do this in my opinion would be to
follow the rule of "most recent user is the active
user". This means if I login on one machine, then
another ... the first session is the one that is cut
off. If the first session then logs in again the second
second would then get cutoff. It's a neverending cycle!

You need to:

1. When a user logs in through forms auth, store their
username and ASP session ID in the Application object.
Make it so that it would overwrite a user with the same
name if one already existed. You could do this with
arrays, objects, strings or however but store the
username and session together so that you can look them
up later easily.
1. On each non-logon page, check the the username and
session ID against what is in the Application object. If
it's not there with the same username and sessionid,
SignOut the forms auth and Abandon their session. Then
redirect then to login.

Now, the code part depends on VB.Net, C#, etc. but from
the description above you should have no problem. Anyone
who can code forms auth can certainly do the above. But
if you do need help just email.

>-----Original Message-----
>Hi,
>
>I am using forms authentication. How do I avoid a user
from logging in from multiple computers simultaneously.
>
>When a user logs in, I would like to abandon all other
active sessions of this user.
>
>Thanks,
>John
>.
>