Hello all,

I'm looking for a straightforward approach to extend our AuthCookie 
sessioning to enforce that a user is only logged in from one browser at 
a time.  For us, it would suffice that if the user tries to log in from 
a 2nd browser, the first session would just be expired.

I was thinking that upon login I could save the AuthCookie key in that 
user's db entry as current_session_key and I could blank it out when 
they explicitly log out.  Then during login, I would be able to see if 
there's another key still out there for them.  The tricky part for me is 
figuring out if that key is still an -active- session as opposed to 
having just left their browser open last night or something.  And also, 
if I do determine that it is another active one, how would I expire it?

Anyone done this type of thing previously?

Thanks,
Fran
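
The scheme described in the message above, as an added example that is not part of the original post and not AuthCookie's own code: the newest login overwrites the stored key, so the older browser's cookie stops validating on its next request, and a last-seen timestamp decides whether a stored key is still active. The in-memory `%users` table, the function names, the `user:key` cookie layout and the 30-minute idle limit are all assumptions; in an Apache::AuthCookie subclass the two calls would sit in `authen_cred` and `authen_ses_key`.

```perl
use strict;
use warnings;

# Constructed in-memory stand-in for the users table: one
# current_session_key (plus a last-seen time) per user.
my %users = (fran => { current_session_key => undef, last_seen => 0 });
my $IDLE_LIMIT = 30 * 60;    # assumed idle timeout, in seconds

# Unpredictable session key; reads the kernel CSPRNG (Unix-like systems).
sub new_session_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Call after the password check succeeds (authen_cred in an AuthCookie
# subclass). Overwriting the stored key is what expires the older browser.
sub login {
    my ($user, $now) = @_;
    my $key = new_session_key();
    @{ $users{$user} }{qw(current_session_key last_seen)} = ($key, $now);
    return "$user:$key";     # value to place in the cookie
}

# Call on every request (authen_ses_key). Returns the user name, or undef
# when the cookie was superseded, logged out, or idle for too long.
sub check_session {
    my ($cookie, $now) = @_;
    my ($user, $key) = split /:/, $cookie // '', 2;
    my $rec = defined $user ? $users{$user} : undef;
    return undef unless $rec && defined $key && defined $rec->{current_session_key};
    return undef unless $key eq $rec->{current_session_key};
    if ($now - $rec->{last_seen} > $IDLE_LIMIT) {
        $rec->{current_session_key} = undef;    # stale: clear the stored key
        return undef;
    }
    $rec->{last_seen} = $now;
    return $user;
}
sub logout { $users{ $_[0] }{current_session_key} = undef }

my $t  = time;
my $c1 = login('fran', $t);         # browser 1
my $c2 = login('fran', $t + 60);    # browser 2 logs in a minute later
printf "browser 1: %s\n", check_session($c1, $t + 61) // 'expired';
printf "browser 2: %s\n", check_session($c2, $t + 61) // 'expired';
printf "idle: %s\n", check_session($c2, $t + 62 + $IDLE_LIMIT) // 'expired';
```

With this layout the login path never has to decide whether the older session is active; it simply replaces the key, and the idle check only matters for clearing keys left behind by browsers that were never logged out.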
