public void CheckExceededMaxConcurrent(string username, System.Web.HttpSessionStateBase session) { if (!string.IsNullOrWhiteSpace(username)) { _userDataAccess = new UserDataAccess(_context); if (session["sessionid"] == null) { session["sessionid"] = "empty"; } // check to see if your ID in the Logins table has LoggedIn = true - if so, continue, otherwise, redirect to Login page. if (_userDataAccess.IsYourLoginStillTrue(username, (session["sessionid"] as string))) { // check to see if your user ID is being used elsewhere under a different session ID if (!_userDataAccess.IsUserLoggedOnElsewhere(username, (session["sessionid"] as string))) { // Do nothing } else { // if it is being used elsewhere, update all their Logins records to LoggedIn = false, except for your session ID _userDataAccess.LogEveryoneElseOut(username, (session["sessionid"] as string)); } } else { // Go to Login page session["sessionid"] = null; } } else { // Go to Logout page session["sessionid"] = null; session.Clear(); session.Abandon(); session.RemoveAll(); } }