Re: OnLoggedIn/OnLoggedOut - not session?

The real trick is determining what concurrent actually means. It seems like
session state would be a better way to hande that. Session state is the
"thing" that is added to HTTP to make a stateless protocol stateful and
works the same way with forms and windows auth.

Perhaps you just write an HTTP Module to check how many sessions currently
exist when the session is created. If there are too many, then you block
them. You could also include a web widget to clear a user's session state
to make it easier for the customers to get another session.

The problem is that you can only hook the session start and end events with
InProc. I don't see an obvious way to query the "state" of the session
state to find out how many sessions exist. I could be missing something
though. I didn't look very hard.

You could implement your own cookie-based statement management system to
support your licensing.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:87C64570-498A-41C5-B949-026B2A72016B@xxxxxxxxxxxxxxxx
Hi;

I don't take it personal - it's a good point. Unfortunately customers
don't
care that it's not a good approach for a stateless protocol - they vastly
prefer concurrent user licensing to total number of users licensing.

This is going to be a PITA I'm guessing.

thanks for the help - at least I know what I have to do.

thanks - dave


"Dominick Baier" wrote:

well - don't take this personal...

you have to build a manual logic for that and tbh it is just crazy to
licence a web app based per concurrent users...

i just think that this is just not suited for a stateless protocol.



.

Relevant Pages

  • RE: Trouble with huge amount of State Server Sessions Timed out
    ... "Unable to serialize the session state. ... > State Service or SQL Server can be memory intensive depending on the types ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: IHttpAsyncHandler problem
    ... My guess is that it's not the page you're waiting for, but the lock on the session state. ... It seems the Asp.Net ThreadPool thread used by the first tab is ... AsyncRequestState reqState = result; ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Session Variables - why arent novice developers warned?
    ... very dangerous outcome which may result when the session variables are used ... Developers want the session to be preserved when a new browser ... You can research session state very thoroughly without finding any ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: IIS 6 Session Restarts
    ... Session state is not magical. ... It requires the client to send an ASP Session ... w3wp on the server must recognize that cookie and retrieve its state. ... The idle timeout for the app pool is set to 20 minutes which is what our ...
    (microsoft.public.inetserver.iis)
  • Re: Session Variables - why arent novice developers warned?
    ... You can research session state very thoroughly without finding any ... I think it is a basic role of documentation to point out potential ... Such that developers seeking basic guidance will not fail ...
    (microsoft.public.dotnet.framework.aspnet)