Normally I would handle a logged in user by setting a session after a successful login. That session is then checked on each request to ensure it exists. But was about if I disabled a user account and they were currently logged in? In that case, the user would still have access to the system until their session expired. Currently, I am pulling the account information from the database on every request and checking the status field. I feel this is a lot of unnecessary overhead. In my scenario, there are accounts and users within those accounts. Therefore, I'm having to check the account status as well as the user status on each request.Is there a better way? Note that I'm using SQL Server Session State as this a multi-server environment.Thanks in advance.
Handling user sessions and active statuses
- Thread starter TONID
- Start date