ASP.NET MVC permitting only one logged in user

I have an experience with CakePHP and now started coding on ASP.NET MVC framework. I have a problem with the login system. How can I restrict开发者_JS百科 users from logging only one time simultaneously on my system?

I can create a field in my DB where Customer becomes active when logs in. If he logs out I can make active false. But what if the session just ends? How can I catch this?

This article provides a possible solution.

This is, unfortunately, something of a challenge due to the way that the session end event are implemented as you don't have access to the information you need when they fire.

So turn the problem on its head a little, if you track the session that they last logged in on then if you get a request from that same authenticated user in a different session then remove the auth for that session (in effect the older session) with an appropriate redirect to a suitable message.

The key here is tracking not only who is currently logged in but also the session ID for that login.

Details are a bit more complicated - but you can perform the test at a request level or by adding your own base page class, deriving all your "real" pages from that and checking in a page event.