how can I limit on a server that each login can only be logged in once a specific time.(meaning 2 people with the same login cannot be logged in at the same time but different users can)
currently i set the login in a session.

You have to check if somebody is already logged on whenever he/she tries to logon.

You need to keep track of all currently logged on members at application level, so whenever somebody logs on, add him/her to an application wide collection. With each logon attempt, check first if the username is in the loggedon collection. Whenever a session ends, (this is tricky i know, search this forum for information about session_onend) remove the username from the application wide collection.

thanks -- iv'e never used the application object before but I guess this is reason to... can i use an array in the application object

yes you can

the problem is the session does not end when the window is closed.
What do I do about this???

there is nothing you can do about that. You have to wait until the session epires. Some cases, the session_onend event might not be called at all. There is more in this forum, search for session_onend.

so then the user will forever be logged in -- what can I do around this?

well, the session should expire after a while, then the session_onend should be called. I cannot find the scenario where the onend is not called, but i remember there was a situation where this could happen.

session_onend is not reliable when database or network interaction is neccesary in the event.

Just removing an entry from an application array should work though.

Otherwise you should have an admin page where you can edit the contents of the application array. That way you can manually remove the user from the logged on users and he/she can logon again.

nO MAN LUCKIEST

Another option would be to have a logged_in field in the database.

I know this is a old thread but I like the topic. I have tryed in the pass to use the application so on session_onstart I add the name and on session_onend I remove the name. I have to say it is easyer said then done.

What I do is to create a unique identifier when the user logs in. I place this identifier in the database and in a cookie.

So a user logs in and is moved to someother page within my site. If he opens another browser window and logs in again then a new unique identifier in placed in the database and that identifier is placed in a cookie. So now if he trys to do anything with the first browser the identifier in that cookie will not match the identifier that is in the database.

>>Esthera
>>the problem is the session does not end when the window is closed.
>>What do I do about this???

'Try to place the following asp codes in top of your asp file
<%
Response.Expires=0
Response.ExpiresAbsolute=now()-1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl="no-cache"
%>