I have noticed that if a user is still logged in or has a persistent cookie, even if he gets “banned” or disabled in the database (Users table flags), the user can still access everything until that cookie goes away or the user logs out of the site. Great security, right?
So I am putting together an ActionFilterAttribute that checks for this; the disturbing thing for me is I have to hit the database for every controller that this ActionFilterAttribute is applied to. There has to be a better way of doing this, but I have not found one yet.
Any ideas would be awesome.
No, there isn’t. Sorry. If the notion of a disabled/banned user exists only in your database, there is no other way but hitting your database. ASP.NET only verifies the validity of the authentication cookie which is sent on each request. It doesn’t even know what a disabled user means, so you cannot expect it to do more than it already does.
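For reference, here is what the filter the question describes can look like in ASP.NET MVC with forms authentication. This is an added example, not code from the question or the answer: it assumes a hypothetical `IUserStatusLookup` interface wrapping whatever query reads the disabled flag from the Users table, and a static factory on the attribute so the sample stays self-contained. The point it illustrates is the one the answer makes: the cookie cannot tell you the account was flagged after it was issued, so the check is a database round-trip per request, and when it fails the filter both blocks the action and revokes the cookie so the next request arrives anonymous.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical abstraction over the Users table flag; the page does not show
// the schema, so this interface is an assumption, not the asker's code.
public interface IUserStatusLookup
{
    // Returns true when the account is banned/disabled.
    bool IsDisabled(string userName);
}

// Rejects requests from authenticated users whose account has since been
// disabled, even though their authentication cookie is still valid.
public class DenyDisabledUsersAttribute : ActionFilterAttribute
{
    // Assumed wiring: in a real application resolve the lookup through your
    // DI container instead of a static factory.
    public static Func<IUserStatusLookup> LookupFactory;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (LookupFactory == null)
            throw new InvalidOperationException("DenyDisabledUsersAttribute.LookupFactory is not configured.");

        var http = filterContext.HttpContext;
        var identity = http.User?.Identity;

        // Anonymous requests are left to [Authorize]; nothing to revoke here.
        if (identity == null || !identity.IsAuthenticated)
        {
            base.OnActionExecuting(filterContext);
            return;
        }

        // One database round-trip per request: only the database knows the
        // account was flagged after the cookie was issued.
        if (LookupFactory().IsDisabled(identity.Name))
        {
            // Revoke the forms-auth cookie and server-side session so later
            // requests are anonymous, then short-circuit this action.
            FormsAuthentication.SignOut();
            http.Session?.Abandon();
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }

        base.OnActionExecuting(filterContext);
    }
}
```

Register it once in `GlobalFilters.Filters` (or put it on the controllers that matter) and set `LookupFactory` at startup. Two caveats when using this pattern: action filters run after authorization filters, so if you need the check to fire before any `[Authorize]`-derived logic or before output caching is consulted, implement it as an `IAuthorizationFilter` (for example by overriding `AuthorizeAttribute.AuthorizeCore`) instead; and an action decorated with `[OutputCache]` may be served from cache without this filter running at all, so disabled-user pages should not be output-cached.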