When they kill the browser thier session will terminate automatically. You can define a session userid variable, have a session timeout set on iis and check to see if that variable still exsists on each page the user visits. If they leave your site and come back you will see the session.userid still exists then proceed.
**When they kill the browser thier session will terminate automatically**<BR><BR>The session will live on the server until you abandon it or the timeout is reached. <BR><BR>What if user opens two different browsers (Netscape & IE)? He can get two different sessions. <BR><BR>Limiting the user to only one login and knowing when to log him out is a hard thing and I don't have a good solution. You could set a DB value when they login and delete it on Session_onEnd, but if the user comes back before on_End he won't be able to login. Unless you absolutely have to I'd just let 'em login whenever they want.
yeah... that's right. Reduce time to 5 minutes, but even still say someone accidentally closes their browser then has to wait 5 minutes to log on again. That would be a pain! I guess they would learn soon enough!!