开发者

Kill ASP .NET user session from admin session

I own a gaming website. From time to time I need to suspend users for different reasons. They cheat or they are bad users with bad intention. After suspending users, they can't login anymore on my site, until the suspend period expire.

However, after suspending an user he still can acces the site, can chat with ot开发者_StackOverflow中文版her users, can create forum posts, can do everyting, that's because he remain logged in on the site. I can't do nothing to this and most of the time I need to restart IIS in order to get rid of bad users.

Is there anyting I can do to kill an user session from my ASP .NET session ? I am against using SQL to store user session variables.

I prefer to check an ASP .NET session/application variable on every user request, and if that variable contain the ID of suspended user, to logged out him immediately.


You can't acess the session in the way you want. What you could do is keep a list of suspended users in the application cache. On each page request, and each login attempt, you can do a lookup on the list to see if your current user is suspended. If he is, you can then log him out and abandon his session, or prevent the new login.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜