get session by ID - asp.net

I'm currently working on an Authentication and Membership system for my Web Application. It is licensed to a number of users that can be logged on at the same time.
So I came up with the concept that I will make an ActiveUsers table where I will store information about logged-on users with their sessions' IDs.
Before a new user can log in, the application will check this table and get all SIDs, then it will check whether a particular session exists on the server. If not, it will delete the record in the table.
My question is: is there a way to check if a session with a particular ID exists on the server?
Because HttpContext.Current.Session affects only current user.

There's a whole bunch of nifty events in Global.asax that you can probably use for deleting the row. Check out Session_OnEnd() for instance.
http://msdn.microsoft.com/en-us/library/ms178583.aspx
Edit: Just noticed that this really doesn't answer the question...

Related

asp.net cookies being shared between instances on same browser (formsauthentication)

Hi so this probably has a very simple answer..
So my question is I'm using formsauthentication with webmatrix in asp.net razor pages.. what my application does is let one user have multiple "subscriptions" and when the user logs in they get to select what "subscription" they want to log in as now the problem is I want the user to be able to have two windows open and have different "subscriptions" on each window.
If I'm storing the current subscription in the session cookie then they will always be the same subscription.
Is there a way to distinguish the two browsers? (Keep in mind this is not a one page website so I do need to have some way of storing the subscription id so I can show the right data for that specific instance)
I don't think you'll be able to do it with the basic aspxauth cookie, since it is issued per user, i.e. per log in. The same with the session cookie, which is shared between the browser instances. Since you support multiple "subscriptions" per user, you'd have to track them manually in each page post.

How can I store current user session and retrieve it later in asp.net?

I am trying to store the current session for a user's activity and then restore it once the user logs in later. I am developing a site where the user is going to answer 100 questions, and I am sure the user won't answer in one go. So, how can I manage this? Should I store the answers and retrieve them later, or can I store the session id and do something?

User profile in Session variable

I've a pretty basic question related to user profile storage along a session.
Let's say that I've an Account table that stores user profiles and that I've linked this table to ASP.NET SimpleMembership. Once a user is logged in, controllers may need to retrieve information in or based from her Account. What I'm doing right now is querying the database each time I need data, with something similar to this: _dbContext.Accounts.Where(a => a.EmailAddress == User.Identity.Name).Single().
But I'm afraid that this may cause unnecessary load on the DB and think that a better idea (perhaps it's what everybody does!) is to store the Account object in a Session variable once a user logs in, enabling direct access without re-querying the DB.
Is this the usual way to do it? Isn't there a risk of "de-sync" between the Session variable and the authentication?
Thanks
Our website uses this same type of method for a user-type object at login. Upon confirmed login we store the user object in a session variable. If something is changed or updated the object is updated and depending on the circumstance the change is updated in the database as well (timing meaning update immediately following the change or, after gathering a group of changes).
It just depends on how complex your system is. Ours is fairly complex, and this has proved to be a pretty solid way - without requiring constant maintenance and updates.

Secure an ASP.NET Application Using limit for number of logins

I am trying to find a solution to control the number of logins on asp.net application.
I need to install the application in the client server, and set the number of licences. e.g. only 10 users are allowed to access the app.
Every time someone tries to log in I need to check how many users are logged in, compare with the total allowed, then authorize that user to proceed.
I tried with Certificate, but I couldn't see where to match the number of logged in users with the max number of allowed users.
Also I would like to use the IP address as identifier, so that if I open 3 browser windows, it counts only one user logged in.
Basically this web application will be sold by licences. We need to control the logins per computer, and not per user, and block logins if the limit of logins is reached.
Please forgive me if I am not clear with the description.
Thanks for any help.
I would use the SessionID in the Session object as the key, I'd store that along with the UserID for the logged in user in a database or some kind of backing store. I'd use Session_End in the global.asax to remove the records above for any session expiring and also remove them in any logout function. You should find it fairly simple to count the number of active sessions you have and confirm that it's not the same user logging in again, if that's allowed.
What I would do is use the global.asax file and increment a counter in session_start and decrement on session_end.
Since the session is stored in a cookie, several sessions on the same computer only create one session.
Here is a good reference for the global.asax file:
http://aspalliance.com/1114_Understanding_the_Globalasax_file.3
I would use the Membership.GetNumberOfUsersOnline method, if you are using the Membership API, to determine the number of active users.
I believe this number only counts the number of users you have authenticated so it is safe to use in your scenario.

ASP.NET sessions

I am trying to find out in my asp.net application the users that are currently logged in to the application by searching on the session info. Currently, I am only able to see my current session, but I cannot find out if there are other users using it. Is there a way to see if there are other users using the application by looking at the session information?
Session state is per user - Application state (global) seems to be what you're looking for.
There are 2 hashes Session and Application, in which you can store key-value pairs.
A way to do it would be to update Application[UserNamesList] whenever there is a successful login. This would then be visible to all users. Application state would however be lost whenever the App Web Server recycles or restarts... but that shouldn't be a problem in this case.
A session is supposed to only give you information about the currently logged-in user.
If you need to keep track of all logged-in users, you could consider writing the users into a global variable. Here is info on how that works. Note that sessions expire. You would have to write, for each user, the time the user was last seen (i.e. each time they hit a new page, update their record). When the time they were last seen is greater than your session timeout, it's safe to assume they are no longer logged in and you can remove them from the list of current users. If they just up and close their browser, you will not be alerted and you will still think they are logged in even though they are not.
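
The tracking described in the answers above and in the licence-limit answers earlier on the page (SessionID as the key, removal on logout or Session_End, and a last-seen time compared with the session timeout), as an added example that is not part of any original post. `ActiveSessionRegistry` and its members are hypothetical names; the caller is assumed to pass `Session.SessionID` and `DateTime.UtcNow`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical seat tracker; class and member names are illustrative, not an ASP.NET API.
public sealed class ActiveSessionRegistry
{
    private readonly Dictionary<string, DateTime> _lastSeen = new Dictionary<string, DateTime>();
    private readonly object _gate = new object();
    private readonly int _maxSeats;
    private readonly TimeSpan _timeout;
    public ActiveSessionRegistry(int maxSeats, TimeSpan timeout)
    {
        _maxSeats = maxSeats; _timeout = timeout;
    }

    // Call at login. Returns false when every seat is held by a session seen within the timeout.
    public bool TryAcquire(string sessionId, DateTime nowUtc)
    {
        lock (_gate) // purge, count and add as one step so two logins cannot both take the last seat
        {
            // Drop sessions that vanished without a logout (browser closed, Session_End never ran).
            var stale = _lastSeen.Where(kv => nowUtc - kv.Value > _timeout).Select(kv => kv.Key).ToList();
            foreach (var id in stale) _lastSeen.Remove(id);
            // A session that already holds a seat may log in again without using a second one.
            if (!_lastSeen.ContainsKey(sessionId) && _lastSeen.Count >= _maxSeats)
                return false;
            _lastSeen[sessionId] = nowUtc;
            return true;
        }
    }

    // Call on each authenticated request; false means the seat was lost and the user must log in again.
    public bool Touch(string sessionId, DateTime nowUtc)
    {
        lock (_gate)
        {
            DateTime seen;
            if (!_lastSeen.TryGetValue(sessionId, out seen) || nowUtc - seen > _timeout)
            {
                _lastSeen.Remove(sessionId);
                return false;
            }
            _lastSeen[sessionId] = nowUtc;
            return true;
        }
    }

    // Call from logout and from Session_End (raised only when session state mode is InProc).
    public void Release(string sessionId) { lock (_gate) { _lastSeen.Remove(sessionId); } }
}
```

Hold a single instance for the lifetime of the application, for example in a static field; like Application state, its contents are lost when the application restarts.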

Resources