Normally I would handle a logged in user by setting a session after a

Question

0

Asked: June 17, 20262026-06-17T21:04:26+00:00 2026-06-17T21:04:26+00:00

Normally I would handle a logged in user by setting a session after a

0

Normally I would handle a logged in user by setting a session after a successful login. That session is then checked on each request to ensure it exists.

But was about if I disabled a user account and they were currently logged in? In that case, the user would still have access to the system until their session expired.

Currently, I am pulling the account information from the database on every request and checking the status field. I feel this is a lot of unnecessary overhead. In my scenario, there are accounts and users within those accounts. Therefore, I’m having to check the account status as well as the user status on each request.

Is there a better way? Note that I’m using SQL Server Session State as this a multi-server environment.

Thanks in advance.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T21:04:27+00:00

Editorial Team

2026-06-17T21:04:27+00:00Added an answer on June 17, 2026 at 9:04 pm

Store the session ID’s in the database on session start. When you disable a user just remove the value in the user session id field in your database.

Check if the session id matches the stored session id in your database on requests.

If not, session.abandon().

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Normally I would handle a logged in user by setting a session after a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply