If a user is currently logged in and the session is still open, when he come to login again from another place I want to make a force logout operation for the previous session and display the login screen again (sure for the old place, to close the web application).
On the server create a table in your database that will store current sessions (user and session ID)
When user successfully logs in store session ID and user name in the current sessions table.Then send back session ID to the client application.
Client application should include user name/session ID with every RPC call to the server.
Server code should validate user name/session ID against current session table. If session check does not match an exception will be thrown.
When user logs in from another computer check if there is already an active session for this user in the current sessions table. If there is then ask user if he wants to continue with the new session. If user says yes, delete user's existing record from current sessions table and then create a new session record.
When user tries to work on the computer with old session he will get an error on the next call to the server because old session record has been deleted. Your client application can then display the login screen.
This way only one active session for the user can exists.
gaspo100's way would be the cleanest way of handling this issue. If you dont have access to the database to create a table, you could use a singleton instance of a new class as well, holding a hashtable of user to session.
Each time a service is called, it should check the user and the session, and if it doesn't match what's in the hashtable, then you can deal with that how you would like.
Auto Reload Client Page
Dynamic Tree
Reply With Quote