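本文章使用asp.net内置membership作为登陆操作 关于配置membership 不用说明了 网上都有的
首先建立一个login页面 随便放一个login控件和loginstatus控件

aspx代码

<body>
    <form id="form1" runat="server">
    <div>
        <asp:Login ID="Login1" runat="server" onloggedin="Login1_LoggedIn" onloggingin="Login1_LoggingIn">
        </asp:Login>
        <asp:LoginStatus ID="LoginStatus1" runat="server" onloggingout="LoginStatus1_LoggingOut" />
    </div>
    </form>
</body>

cs代码

// Membership record of the account being signed in. Login1_LoggingIn fills it and
// Login1_LoggedIn reuses it; both handlers read and write this same field.
MembershipUser user;

/// <summary>
/// Runs after the Login control has accepted the credentials. Re-issues the forms ticket
/// with a fresh GUID in UserData and stores the same GUID, together with the ticket
/// expiration, in the user's Comment. FormsAuthsessionModule compares the two on every
/// request, so a ticket issued by an earlier login stops matching.
/// </summary>
/// <remarks>
/// The Comment field is overwritten; any other text kept there is lost.
/// </remarks>
protected void Login1_LoggedIn(object sender, EventArgs e)
{
    // On the login postback User.Identity still describes the caller as they were when the
    // request started (normally anonymous), so the fallback lookup uses the name the Login
    // control just validated rather than User.Identity.Name.
    if (user == null)
    {
        user = Membership.GetUser(Login1.UserName);
    }

    if (user == null)
    {
        return;
    }

    // Forms cookie already placed on the response for this login.
    HttpCookie cookie = Response.Cookies[FormsAuthentication.FormsCookieName];
    FormsAuthenticationTicket ft = FormsAuthentication.Decrypt(cookie.Value);

    // Identifier of this login; only the ticket holding it is accepted by the module.
    Guid newguid = Guid.NewGuid();

    // Copy of the issued ticket with the GUID carried in UserData.
    FormsAuthenticationTicket newft = new FormsAuthenticationTicket(
        ft.Version,
        ft.Name,
        ft.IssueDate,
        ft.Expiration,
        ft.IsPersistent,
        newguid.ToString(),
        ft.CookiePath);

    // Round-trip format with the invariant culture: Login1_LoggingIn parses this value back,
    // and a culture-dependent ToString() can fail to parse under a different thread culture.
    user.Comment = "loginExpiration;"
        + ft.Expiration.ToString("o", System.Globalization.CultureInfo.InvariantCulture)
        + "|loginSessionID;" + newguid.ToString();
    Membership.UpdateUser(user);

    // Replace the cookie, keeping every attribute of the one it supersedes
    // (Domain, Expires, HttpOnly, Path, Secure).
    Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
    HttpCookie newCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newft));
    newCookie.Domain = cookie.Domain;
    newCookie.Expires = cookie.Expires;
    newCookie.HttpOnly = cookie.HttpOnly;
    newCookie.Path = cookie.Path;
    newCookie.Secure = cookie.Secure;
    Response.Cookies.Add(newCookie);
}

/// <summary>
/// Runs before the credentials are checked. Cancels the login when this browser is already
/// authenticated as the same account and the recorded session has not expired yet.
/// </summary>
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    if (user == null)
    {
        user = Membership.GetUser(Login1.UserName);
    }

    if (user == null)
    {
        return;
    }

    // Only a browser that is already signed in as this very account is refused.
    if (!User.Identity.IsAuthenticated || user.UserName != User.Identity.Name)
    {
        return;
    }

    if (string.IsNullOrEmpty(user.Comment) || !user.Comment.Contains("loginExpiration"))
    {
        return;
    }

    // Comment layout: "loginExpiration;<date>|loginSessionID;<guid>".
    string[] expirationPair = user.Comment.Split('|')[0].Split(';');
    DateTime currentExpiration;
    if (expirationPair.Length < 2
        || !DateTime.TryParse(
            expirationPair[1],
            System.Globalization.CultureInfo.InvariantCulture,
            System.Globalization.DateTimeStyles.RoundtripKind,
            out currentExpiration))
    {
        // Unreadable record: treat it as "no live session" instead of failing the page.
        return;
    }

    // The session counts as live while its expiration is still in the future. The original
    // comparison (currentExpiration < DateTime.Now) only fired for an already expired record,
    // so the "already logged in" refusal never applied to a live session.
    // NOTE(review): the stored value is written once at login; if sliding expiration renews
    // the ticket, the ticket can outlive this value. Confirm against the forms configuration.
    if (currentExpiration > DateTime.Now)
    {
        e.Cancel = true;
        Literal t = Login1.FindControl("FailureText") as Literal;
        if (t != null)
        {
            t.Text = "你已经登陆了 !";
        }
    }
}

/// <summary>
/// Logout: clears the session record kept in the user's Comment.
/// </summary>
/// <remarks>
/// Once the record is empty, any ticket that still carries a GUID no longer matches and is
/// rejected by FormsAuthsessionModule.
/// </remarks>
protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
{
    MembershipUser mu = Membership.GetUser();

    // GetUser() returns null when the caller maps to no membership account.
    if (mu == null)
    {
        return;
    }

    mu.Comment = string.Empty;
    Membership.UpdateUser(mu);
}

然后 需要一个Httpmodule模块

cs代码

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;

namespace aspnetajaxtast
{
    /// <summary>
    /// Allows one live forms-authentication session per account: each authenticated request
    /// must carry, in the ticket's UserData, the GUID currently recorded in the user's Comment.
    /// </summary>
    /// <remarks>
    /// The check calls Membership.GetUser on every authenticated request the module sees, which
    /// with runAllManagedModulesForAllRequests="true" includes requests for static files.
    /// </remarks>
    public class FormsAuthsessionModule : IHttpModule
    {
        public void Dispose()
        {
        }

        /// <summary>Subscribes the session check to PostAuthorizeRequest.</summary>
        public void Init(HttpApplication context)
        {
            context.PostAuthorizeRequest += new EventHandler(context_PostAuthorizeRequest);
        }

        /// <summary>
        /// Compares the GUID in the request's ticket with the one stored for the account and
        /// ends the request when they differ or cannot be read.
        /// </summary>
        void context_PostAuthorizeRequest(object sender, EventArgs e)
        {
            HttpApplication app = sender as HttpApplication;
            if (app == null)
            {
                return;
            }

            HttpContext c = app.Context;
            if (c.User == null || !c.User.Identity.IsAuthenticated)
            {
                return;
            }

            // Identities that are not FormsIdentity carry no ticket to compare.
            FormsIdentity identity = c.User.Identity as FormsIdentity;
            if (identity == null)
            {
                return;
            }

            MembershipUser user = Membership.GetUser(c.User.Identity.Name);

            // Fail closed: a missing account, an unreadable GUID on either side, or a mismatch
            // all reject the request. Two empty values still match, as in the original check.
            Guid ticketGuid;
            Guid currentSessionGuid;
            bool sessionIsCurrent = user != null
                && TryReadTicketGuid(identity.Ticket.UserData, out ticketGuid)
                && TryReadStoredGuid(user.Comment, out currentSessionGuid)
                && ticketGuid == currentSessionGuid;

            if (sessionIsCurrent)
            {
                return;
            }

            // SignOut() only queues the removal of the cookie on the response; the request itself
            // would still run with the superseded identity. Redirecting and completing the
            // request keeps the page handler from executing. Replace RedirectToLoginPage() with
            // a custom redirect if the configured login URL is not the wanted target.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            app.CompleteRequest();
        }

        /// <summary>Reads the GUID from ticket UserData; empty UserData counts as Guid.Empty.</summary>
        private static bool TryReadTicketGuid(string userData, out Guid value)
        {
            if (string.IsNullOrEmpty(userData))
            {
                value = Guid.Empty;
                return true;
            }

            return TryParseGuid(userData, out value);
        }

        /// <summary>
        /// Reads the GUID from a Comment of the form "loginExpiration;&lt;date&gt;|loginSessionID;&lt;guid&gt;";
        /// an empty Comment counts as Guid.Empty.
        /// </summary>
        private static bool TryReadStoredGuid(string comment, out Guid value)
        {
            value = Guid.Empty;
            if (string.IsNullOrEmpty(comment))
            {
                return true;
            }

            string[] fields = comment.Split('|');
            if (fields.Length < 2)
            {
                return false;
            }

            string[] pair = fields[1].Split(';');
            if (pair.Length < 2)
            {
                return false;
            }

            return TryParseGuid(pair[1], out value);
        }

        /// <summary>Guid parsing that reports failure instead of throwing.</summary>
        private static bool TryParseGuid(string text, out Guid value)
        {
            try
            {
                value = new Guid(text);
                return true;
            }
            catch (FormatException)
            {
                value = Guid.Empty;
                return false;
            }
            catch (OverflowException)
            {
                value = Guid.Empty;
                return false;
            }
        }
    }
}

web.config 需要配置httpmodule 在<system.web>下

<httpModules>
    <add name="FormsAuthsessionModules" type="aspnetajaxtast.FormsAuthsessionModule"/>
</httpModules>

这是vs测试或者iis7以下版本需要的 如果在iis7 需要以下配置代码

<system.webServer>
    <modules runAllManagedModulesForAllRequests="true" >
        <!-- The type name is namespace-qualified, matching the httpModules entry; the class is declared in namespace aspnetajaxtast. -->
        <add name="FormsAuthsessionModules" type="aspnetajaxtast.FormsAuthsessionModule"/>
    </modules>
</system.webServer>

测试需要两个浏览器就可以了 一个ie 一个ff可以当模拟两台电脑 如果你有两台电脑的话 也可以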