Yes, I believe you are on the right track. I would store the session ID 
(which is shorter than the Forms cookie) against a user's record in the 
database when he/she logs on. 

Clear that field when a user logs off. I would also program the 
Session_End event handler in Global.asax.vb file to implicitly log the 
user off when his/her session expires.

Hope this help.
Charles

> Hi all,

> Would appreciate if any of you can help out on this. I'm using 
F> ormsAuthentication to perform authorization of users by comparing user 
l> ogin with the credentials stored in database. The thing works fine 
except 
f> or one detail. How do I prevent the same user from logging into the 
s> ystem using two browser session? Do I need to store the 
F> ormsAuthentication ticket on the database, and check against this, when 
a 
u> ser logs in, to see if he has already logged in on another system?

> Any help would be greatly appreciated. Thanks.