Yes, I have managed to check if a user already has an other session on the .Net/ISS stack with SQL database.

Of course, the user needs to be logged in, before you can check this.

In short:

- Sessions are stored in a separate database (osSession in my case)
- Create a Database connection to this database (preferably with a read only user)
- In IntegrationStudio create a mapping to two of the three tables: ASPStateTempSessions and ASPStateTempSessionExtVars
- In your application set the dependencies to be able to use this tables
- Create a query joining these two tables based on the session id
- Filter on:
      - ASPStateTempSessionExtVars.UserId being the Session.UserId
      - ASPStateTempSessionExtVars.Cookie being the Session Id you can get with HTTPRequestHandler.GEtSessionId (bit strange, but the session id in the tables have some extra characters)
      - ASPStateTempSessions.ExpirationDateTime > CurrDateTime()

This did the trick for me.

Another approach is to use the GetSessionId function from HttpRequestHandler extension and a local table of your application to save the SessionId and UserId. Inside On Session Start event check for an active session for the user who is logging in and kill this session of your control table. On the Begin Web Request event check your session still exists in this table if not abort the request and proceed with Logout. I believe that you don't need any kind of control because the session may not be necessary to remain in this table, that the next logon delete the old session and insert the new one. That way you avoid working directly with the system tables and does not run the risk of future incompatibilities due to system updates. Map directly to the system tables are not supported and is not advisable.

Alexandre Costa wrote:

Hi Alexandre, did you get to implement this solution? I'm concerned with the performance of the application if for each web request we need to perform a query to a table and act on its response.

Any thoughts?