ASP.NET | Forms Authentication | Get ALL logged in users(list of all users or count)

Question

I am using .NET 3.5. Also, Forms Authentication is used.

Is there any way to get the list of ALL logged-in users or a count in ASP.NET?

Note: I am not using Memberships and Roles

Answer 1

No there isn't unless

1. You have defined one in your own code

2. You are using the default ASPNET Membership Provider which has a GetNumberOfUsersOnline() method defined.

3. You are using a custom Membership Provider and have provided an implementation for the GetNumberOfUsersOnline() method yourself

The default ASPNET Membership provider calculates number of users online by querying the SQL Server database and checking the LastActivityDate stored against each user against the defined UserIsOnlineTimeWindow property that you can set in web.config. If the LastActivityDate is greater than the current time minus the UserIsOnlineTimeWindow value (which represents minutes), then a user is considered to be online.

If you wanted to do something similar then you might consider implementing a similar method. you can see the code for the default providers by downloading the source code. To complete your picture, you might also want to run aspnet_regsql.exe so that you can see the stored procedures that the default providers use.

Answer 2

Membership provider do have its benefits but just to track the users online you can also:

1. Add a column LastActivityDate to your user table and update it from your code during login and on all page loads for that user.

2. And to get the usersonline for the past X minutes just use the following sql

   Select * from Users where LastActivityDate >
   DATEADD(minute,  -(X), GETDATE())  
   

Answer 3

Forms Authentication stored all it’s state in a cookie that is passed to the users browsers.

(This enables Forms Authentication to work on a web farm)

Therefore there is no way to get a list of logged users etc from standard Forms Authentication.

However Forms Authentication has events that it fires when it Authenticates a user etc. You could update your own list of users in these events – (be careful with locking if you do so)

However as a user will be “logged of” when the cookie is expired by the browsers, you will find it very hard to correctly remove all logged of users at the correct time from your list.

---

You may be better of stored the time you last saw each users and then having a list of users you have seen in say the last 5 minutes. E.g keep a list of active users.

Answer 4

I used Session_Start and Session_End under Global.aspx. it works most of times except the user close his/her browser. the server side needs to wait for the session expired to remove the user.