TPG

Reputation: 3201

ASP.NET: how to log out all of a user's sessions when the password is reset/changed

As an admin, I am able to reset the password for all users. May I know how I can log out all of a particular user's sessions across all devices/PCs when I reset his password?

Example:

1) User1 logged in to PC1, PC2 and PC3.

2) Admin resets/changes the password for User1.

3) System logs out the sessions on PC1, PC2 and PC3.

How can it be done in ASP.NET?

Thanks.

Upvotes: 1

Views: 3494

Answers (2)

SixOThree

Reputation: 771

I know this is an old issue, but I believe there is an easier method. This method does not provide the functionality of listing all of the active sessions. But it is a very simple and straightforward method of invalidating other sessions when changing password.

Add a column called SecurityStamp to your user table. If a user logs in and this column is not populated, populate with a random guid. Or you could pre-populate the entire table.

When the user logs in, add the value found in the table to a session variable. On every page load, check that their session variable matches what is in the database.

When a user changes their password, update the value in the database with a new random guid. Additionally update the session variable for the user who changed the password. You could also add a button that invalidates other sessions without having to change the password.

If the user was logged in from a different device, the session variable associated with that other device login will not have been updated. When they try to access any page, you will have checked that their session variable does not match the database and force them to logout.

Upvotes: 2
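The SecurityStamp flow from the answer above, as an added console sketch that is not SixOThree's code: it covers both a user-initiated change (the changing session keeps working) and the admin reset from the question (every session is dropped). `UserStore`, `DeviceSession` and `Demo` are hypothetical names, and in-memory objects stand in for the user table and the ASP.NET session.

```csharp
using System;
using System.Collections.Generic;

// In-memory stand-in for the user table's SecurityStamp column (constructed for the demo).
class UserStore
{
    private readonly Dictionary<string, Guid> stamps = new Dictionary<string, Guid>();

    // Populate the stamp on first use, as the answer suggests.
    public Guid GetStamp(string user)
    {
        Guid stamp;
        if (!stamps.TryGetValue(user, out stamp)) stamps[user] = stamp = Guid.NewGuid();
        return stamp;
    }

    // Password change or admin reset: every copy taken earlier becomes stale.
    public Guid RotateStamp(string user) { return stamps[user] = Guid.NewGuid(); }
}

// Stand-in for one device's server-side session; in ASP.NET the stamp would
// live in a session variable such as Session["SecurityStamp"].
class DeviceSession
{
    public string User;
    public Guid? Stamp;

    public void Login(UserStore store, string user) { User = user; Stamp = store.GetStamp(user); }

    // The check run on every page load: a missing or stale stamp ends the session.
    public bool IsValid(UserStore store)
    {
        if (User != null && Stamp == store.GetStamp(User)) return true;
        User = null; Stamp = null;   // where the real app would abandon the session and sign out
        return false;
    }
}

static class Demo
{
    static void Main()
    {
        var store = new UserStore();
        var pc1 = new DeviceSession(); var pc2 = new DeviceSession(); var pc3 = new DeviceSession();
        pc1.Login(store, "User1"); pc2.Login(store, "User1"); pc3.Login(store, "User1");

        pc1.Stamp = store.RotateStamp("User1");   // User1 changes the password on PC1
        Console.WriteLine("after change on PC1: {0} {1} {2}", pc1.IsValid(store), pc2.IsValid(store), pc3.IsValid(store));

        store.RotateStamp("User1");               // admin reset: no session gets the new stamp
        Console.WriteLine("after admin reset:   {0}", pc1.IsValid(store));
    }
}
```

The stale sessions are only dropped on their next request, because the comparison runs when a page is loaded rather than at the moment the stamp is rotated.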

Arunprasanth K V

Reputation: 21901

It is possible; Facebook and Gmail have done that, but it is not simple.

Use a flag in the database that checks users on Session_Start and invalidates their session if that flag is set. You need not necessarily use a boolean; you can use a DateTime value and invalidate all sessions that started prior to that time. This could be done by checking a value stored in a cookie upon login. Check the Stack Overflow discussions below; I think they will help you.

Upvotes: 3
