force users to logout_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-16 23:19 出处：网络

Currently I have a client and admin webpage. There are multiple users who will login to the client page. While in admin page, when I restored the database inside the admin page, I need to logout all the users who are currently login to the client page开发者_运维知识库. Any ideas how it should be done? My current language using is classic ASP. If it can be done in ASP.NET, its fine too. Thanks.

It really depends what you've cached. If it's data then you can clear the cached data rather than forcing your users to login again.

If it's data or permissions / security change then you could have a setting in your database called SchemaVersion that stores the current version of the database. Each logged in user request to the app could compare the cookie / session version against the one in the database and if it differs to get the client to delete the session / cookie and force a re-login.

According to a Microsoft help article you can reset the session like this:

Session.Abandon(); 
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

And from MSDN you can clear your cookie like this:

if (HttpContext.Current.Request.Cookies["MyCookieName"] != null)
{
    HttpCookie aCookie = HttpContext.Current.Request.Cookies["MyCookieName"];
    aCookie.Expires = DateTime.Now.AddDays(-10);
    aCookie.Value = "";
    HttpContext.Current.Response.Cookies.Add(aCookie);
}

This should force a login, but I haven't confirmed this myself.

So in summary, you can use the ASP.NET Cache to store the db schema version and:

At the start of the page load call a helper class LoginResetHelper.IsDbValid() to see if we need to login again

In the helper class you would ask

if (Cache["SchemaVersion"] == null)
{
   // retrieve schemaVersion from db

   Cache.Add("SchemaVersion", schemaVersion);
}
HttpCookie oCookie = new HttpCookie("ClientSchemaVersion");
if (Cache["SchemaVersion"] == oCookie.Value)
   return true;
return false;

If IsDbValue is true, the continue as normal

If it is false, then call the LoginResetHelper.ResetLogin() and redirect to login page.

In ResetLogin() you would perform the clearing functions I mentioned above

Maybe easiest way is to define an Application variable indicating your website in under maintenance and, in every page through a server side include, check that variable and redirect to an appropriate error page.