I have an application where users are assigned roles: control (can edit items, delete items add items), update (can update items) and read (can only read content). When the user logs into the web app, their information is stored in a CurrentUsers table. The app checks this table to ensure that no one else has logged in with the same role. If there is the user is put into read mode. So will happen if the user does not properly log out which leaves their session in the database. The only way to be able to log in with the correct role is to either have the service centre remove you from the table or to wait for the session to time out. When the session times out, the session_end is called and a delete statement is created to remove the user from the current users table. The problem is, this doesn't always happen. If a user logs into the application, moves away from the site but keeps the browser open, navigates back to the app, logs in again (will be in read mode) and then closes the browser, they will be in the table twice with the same sessionid. It seems like after the 15 mins has elapsed, they are not removed from the the table. It's like the session_end is not being fired. Is there anyway to check if it is being fired or if its my delete statement? The SessionState is set to InProc. Thanks!
Last edited: