>>not sure I understand
>>wwSession.userID is populated with application's user id, whatever it is
>>
>>IIS has nothing to do with this
>
>Well, this is what I already have here. I have a Member.Session field to hold a session ID. The problem is when a login is done from that account, it overwrites the Member.Session field with a new session ID as a new login has been done. So, if the user had two instances of the browser loaded, the 2nd login instantiates an updated version of the cookie at the browser level. So, if he switches to the other instance, that browser will think it is now the login from the other browser instance and the menu no longer matches. This is the situation I need to detect. Once detected, I would then be able to kick out, sort of, the user on that specific browser instance with a message explaining why.

What I understand and know:
- 2 instance of the same browser on the same machine = 2 tabs in the same browser = same cookie

- login on another browser / same machine or same browser / other machine > different cookie > new session > user ID from application (lookup in a table) > kill other sessions using this app user ID and another session ID