"rayala" <> wrote in message
news: oups.com...
> Anthony,
>
> I am right back on track.
>
> One approach I thought of is creating a SessionId at login and passing it to all
> the pages using the Query String with some sort of encryption.
>
>
> I am sorry, I did not follow the solution you have suggested. Here is
> what I understood based on your suggestion. Correct me if I am wrong.
>
> We should store the GUID in the users table for each user as soon as they
> log in.
>
> For each new login we should check whether any GUID exists for this
> user or not. If one exists then he has logged in somewhere else, so
> tell the new user to go and clear that user session and log
> back in.
>
The problem with this approach is that the user may not know where else they are
logged in or, worse, their browser crashed before they were able to clear their
login. What do they do now?
A better approach is to allow them to log in and make sure any other
outstanding logged-in session is unusable.

> What does your sessionGUID mean then?
>
I mean store the GUID in the Session object.
When the user logs on, create a unique ID and store it against the user in a
database.
Store this same unique ID in the Session object as well.
When any page is requested (use an include page) have it compare the unique
ID stored in the session object against the unique ID in the database for
the user. They should match. If they don't it means they have logged in
somewhere else. In that case clear the session and redirect them to the
logon page.
>
> Thanks for your replies, I hope I am not bothering you with my queries.
>
>
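The check described in the reply above, modeled as an added example that is not part of the original thread. Plain dicts stand in for the users table and the Session object; the function names, the `alice` account and the omitted password check are assumptions.

```python
import hmac
import secrets

# Constructed stand-ins: USERS_DB models the users table, and each plain dict
# passed as `session` models one browser's server-side Session object.
USERS_DB = {"alice": {"session_id": None}}


def login(username, session):
    """Issue a fresh ID on every logon, overwriting any earlier one.

    Credential verification is assumed to have succeeded before this call.
    """
    if username not in USERS_DB:
        return False
    token = secrets.token_hex(16)              # unguessable, GUID-sized value
    USERS_DB[username]["session_id"] = token   # stored against the user
    session.clear()
    session["user"] = username
    session["session_id"] = token              # same value kept in the session
    return True


def check_request(session):
    """Per-page check (the 'include page'). Returns which page to serve."""
    user = session.get("user")
    mine = session.get("session_id")
    current = USERS_DB.get(user, {}).get("session_id") if user else None
    if not mine or not current or not hmac.compare_digest(mine, current):
        session.clear()                        # stale or missing: drop it
        return "logon"
    return "page"


def logout(session):
    """Clear the stored ID only if this session is still the current one,
    so a superseded browser logging out cannot end the live session."""
    user = session.get("user")
    if check_request(session) == "page":
        USERS_DB[user]["session_id"] = None
    session.clear()
```

Because the newest login always overwrites the stored ID, a user whose browser crashed is never locked out; the orphaned session simply fails its next check.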