When a user is authenticated to a web application, a token will be stored in the session. If the admin deletes the user in the back end while the user is still online, how do I clear the user's session?
Short answer: you can't do this easily. Let the session expire, and the user won't be able to subsequently log in.
Long answer: if this functionality is really important to you, then you will have to check the database with each request to ensure that the user hasn't been deleted since they logged in. This somewhat defeats the purpose of storing user information in session, although the call to the database can be a simple boolean check (i.e. "is the user still valid/active").
Can't I just remove the user's session? It doesn't appear to be possible to locate/manipulate a specific session even if you have the session ID in hand. Keys and storage are managed internally by implementations of SessionStateStoreProviderBase (InProcSessionStateStore, OutOfProcSessionStateStore, SqlSessionStateStore) and aren't intended to be manipulated by developers.
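The per-request check described in the long answer could be wired up as an ASP.NET `IHttpModule`; this is an added example, not code from the original answer. The `Users` table, `IsActive` column, `AppDb` connection string, `UserId` session key, `~/login` path and the use of Forms Authentication are all assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;

// Added example. Hypothetical names: Users table, IsActive column, "AppDb"
// connection string, "UserId" session key, ~/login path.
public class ActiveUserModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Session state is available from this pipeline event onwards.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // Handlers without session state (static files, etc.) have no Session.
        if (ctx.Session == null || ctx.Session["UserId"] == null) return;

        int userId = (int)ctx.Session["UserId"];
        if (IsUserActive(userId)) return;

        // Account was deleted or disabled after login: end this session now.
        ctx.Session.Clear();
        ctx.Session.Abandon();
        FormsAuthentication.SignOut(); // assumption: Forms Authentication cookie in use
        ctx.Response.Redirect("~/login", false);
        ctx.ApplicationInstance.CompleteRequest();
    }

    private static bool IsUserActive(int userId)
    {
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT COUNT(1) FROM Users WHERE Id = @id AND IsActive = 1", conn))
        {
            cmd.Parameters.AddWithValue("@id", userId);
            conn.Open();
            // A missing row (hard delete) and IsActive = 0 both count as revoked.
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    public void Dispose() { }
}
```

The module has to be registered in `web.config` before it runs. The deleted user's own next request is what ends the session, so nothing needs to reach into the session store from the admin side.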