I am working on an application where i maintain in a users session a value "myapp.user.LoggedIn" ( boolean ) where true indicates the user is a valid user ( his password and user name have been verified ). This allows me to allow access to web pages only to valid user. I have a "log out" option on each page that invalidates this session. Often users dont necessarily use "log out". How do I invalidate such sessions ? Thanks in advance Nikhil
well to invalidate the user you can use session binding events or time out kind of things otherwise in case use closes the browser then he cann't go to that session again so if the user is new then you can hop him to login page. bye.
Hi Ramneek, Can u explain what is "session binding events"? As u said using timeout is very easy I believe.Because by changing the server session expiring time we can achieve this too..