How to expire a session of one user if he logged in to another browser

Question

1.00/5 (1 vote)

See more:

Hi,

I have a website where user can login to any browser(Mostly IE11 & Firefox) to access this website.

if user logged in to IE11 first and then logged into Firefox, and come backto IE11 and want to do any action then user should be redirect to Login page from IE11 browser. Basically users old session should be expired and should be on latest session always. How to achieve that in ASP.Net. Please suggest

Posted 7-Dec-15 19:21pm

yadlaprasad

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2015-12-07T19:56:00

First, the sessions. The sessions for two browsers are unrelated and are supported separately. No, you cannot detect in browser that some session is started in another browser: generally, a browser "does not know" anything about a different browser and its connection. Just think about it: what if some other user connected and loaded some page; what's the difference?

But authentication, obviously, is not the same as the session, but it normally depends on sessions. You can persist the authentication status in, say, your database. Yes, when the session is ended, you should end the authenticated state for the user, but you are interested in handling of the different situation: the same user connected using a different browser. As I just tried to explain, it is no different from the situation when some other user has connected. What makes the difference is event when this "second" user tries to authenticate with the same credentials. As you have your persistent authentication state showing the "already authenticated" situation, you can prevent "redundant" authentication and deny the access. As this situation is 100% certain and reliably detected, this will really give you reasonable behavior, in contrast to your idea to "expire the session".

—SA