See my advice below:
- Store `LastActivityDate` for each user. If you are using asp.net `SqlMembershipProvider` - this field exists there, if you use another authentication mechanism - probably you need to create it and update it with each request of a certain user.
- Add an additional boolean field `LoggedIn` for each user. This field will be set to true when the user logs in. If you are using asp.net `SqlMembershipProvider` you can store its value in the `Comment` field.
- When the user closes the browser, send a request to the server to 'logout' the user, which means setting the `LoggedIn` field to `false`. Use the `window.onbeforeunload` javascript event for that.
- On user login you should check the `LoggedIn` field for the user, if it is false - you simply process the operation. If not - you should check the `LastActivityDate` value, and if it is older than a timeout you will define (let's say 3 minutes) process the operation. If not - reject it and show an error message. This additional check is required because we cannot guarantee that `window.onbeforeunload` is always executed.
- The final step would be a javascript which consequentially calls a server action in timeout which updates `LastActivityDate`. This script should be defined on each page which is accessible for a logged in user.
I hope the approach is clear.
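The server-side checks from the steps above, modelled in JavaScript as an added example (not code from the original answer, which targets asp.net). The in-memory `Map`, the function names and the `sessionId` parameter are assumptions; binding the heartbeat and logout requests to the session that holds the login goes beyond what the answer describes, and prevents a replaced tab from keeping the lock alive or logging out the new session.

```javascript
// Added example: in-memory model of the server-side checks in the answer above.
// The Map stands in for the user table; sessionId is assumed to be the id the
// framework already issued for the request (hypothetical parameter).
const TIMEOUT_MS = 3 * 60 * 1000; // the "3 minutes" from the answer

function createLoginGate(timeoutMs = TIMEOUT_MS) {
  const users = new Map(); // userName -> { loggedIn, lastActivityDate, sessionId }

  function row(userName) {
    if (!users.has(userName)) {
      users.set(userName, { loggedIn: false, lastActivityDate: 0, sessionId: null });
    }
    return users.get(userName);
  }

  return {
    // Login check: accept when LoggedIn is false, or when the holder went
    // silent for longer than the timeout (its onbeforeunload never arrived).
    tryLogin(userName, sessionId, now) {
      const u = row(userName);
      const stale = now - u.lastActivityDate > timeoutMs;
      if (u.loggedIn && !stale) return false;
      Object.assign(u, { loggedIn: true, lastActivityDate: now, sessionId });
      return true;
    },
    // Periodic ping from each page: only the session holding the login may
    // refresh LastActivityDate, so a replaced tab cannot keep the lock alive.
    heartbeat(userName, sessionId, now) {
      const u = row(userName);
      if (!u.loggedIn || u.sessionId !== sessionId) return false;
      u.lastActivityDate = now;
      return true;
    },
    // onbeforeunload logout: ignored unless it comes from the current holder,
    // so a late unload from a replaced tab cannot log out the new session.
    logout(userName, sessionId) {
      const u = row(userName);
      if (!u.loggedIn || u.sessionId !== sessionId) return false;
      u.loggedIn = false;
      u.sessionId = null;
      return true;
    },
  };
}
```

The ping interval used by the page script has to be shorter than the timeout, otherwise an active user looks stale and a second login is accepted.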