I'm programming a Chat. Basically, I have a window (TextBox) where I want to display all users that are in the conversation at the moment but I do not wish to use a database.
So, I would need to keep my table of active users somewhere persistent something that does not get erased on refresh.
I looked in to Sessions. However, they expire and I can't keep the array of my active users in there. I also looked in Application Object and it seems this could solve my dilemma. However:
Say I call
String[] users = new users String[1000];
Application['users'] = users;
In my Page_Load() method, sure I can store the new user in to that table but then each page load will override the table and I will always show only one user but I guess implementing something along lines is isset() could solve that.
So I would need to keep my table of active users somewhere persistant
something that does not get erased on refresh.
A database is the solution for that.
The Application[] is actually a static variable, so its delete it when pool recycle, and also if you have more than one pool, than you have more than one common Application variables.
Read about application state: Using static variables instead of Application state in ASP.NET
See some other examples with asp.net chat:
http://www.codeproject.com/Articles/33817/Build-a-Web-based-Chat-using-ASP-NET-Ajax
Related
Currently I'm trying to implement an auto login link for the emails sent from the site.
One of the requirements is that the user is able to see the link but not the rest of the site unless he manually logs in.
My current problem is that I cannot get the logout part right. The current flow goes something like this:
Check if the user is logged in
If not, check the url query string and do some calculation to check
the code
If everything is alright I log the user in, update the CurrentUser
and all the Session object
Then I need to use HttpContext.Response.Redirect() because the way
the system is made (as far as I have read using Redirect is a quite
abrupt way to cut the Request, but my current issue is that the
system will keep checking other things and redirect me to the LogIn
page if I don't cut it here)
At this point the user is Logged In
If they click on a new link inside the page, on this new Request it will check some Session properties
created on step 4 and if they exist it will log the
user out.
My problem is that it works some times and some other times it doesn't. A pretty consistent thing I notice is that is not working when I open the link in a new browser instance, but generally works when opening on an already open browser.
I guess something could be happening with the Session object between the Redirect and the new Request specially on a new browser instance, but not sure why.
Edit: The problem is happening on step 6
I'm not sure if i totally understand your question, but here are some ideas related to session problems.
Probably when opening the new instance a new Session is created. Therefore your data is gone.
A work around might be storing the needed values in the cache. This is dangerous because cache items can be deleted if iis thinks there is not enough memory.
https://support.microsoft.com/en-us/kb/323290
Another workaround might be saving the needed values in a database.
Or send the needed data through the headers.
Hello All I need all your help badly. We have made a role,ID based application in asp.net(C#) where the menu appear as per his roles. This is fine now the users are trying to directly type the link in address bars and using them. Cant restrict them in page loads and sessions as this is a production site which is already slow. So my intension is to show the url in encrypted format which expires in certain time where the user cant copy and paste it. Is there any possible way...
Cant restrict them in page loads and sessions as this is a production site which
is already slow.
Fix that crappy code and / or add more servers. Because this is the ONLY way it makes sense to do it. Anything else is the type of security that gets broken into and then you run around blaming the world for being unfair.
So my intension is to show the url in encrypted format which expires in certain
time where the user cant copy and paste it.
? So the menu has an encrypted URL that is only valid like for half a second? What if the user browses the source code of the page? He can see all the source there.
This is not security, it is hogwash. Sorry to be blunt, but this is not going to work and you are making a bad job here.
Checking this in page load will take less than a millisecond (assuming you cache roles in the session). WAY less.
Check for user role in page_load event and if the user does not have permission then redirect him to a page showing permission denied.
Please provide code if you need further help.
Yeah.... you've painted yourself into a corner here.
Short answer:
No, there's no clean way to do this and whatever type of 'special' url implementation you create will be open to abuse/spoofing and still require you to add code anyway.
Long answer:
I can't see any viable solution other than injecting some code into Page_Load.
I take it you're not using WIF/Claims-based security, just some bespoke written user login, database store based code? So your best approach (at this point) is to make a simple class in App_Code: When the user logs in, load their permissions into something like a DataTable and store that in a session variable. That way you can avoid doing database requests every time the page loads/posts back, this'll probably speed your site up a bit too.
Build a non-static method in a class that is to be used on Page_Load, where this will get the URL (or page id) being accessed, then check that against the session stored DataTable. If that check fails redirect them to an access denied page.
Building the class foundation is key, don't attempt to shortcut and copy-paste chunks of code into each page. With the 'security' class you can standardise your code and reduce testing down to a few simple checks.
I've got a problem that may either be a limitation in my approach or asp.net web forms technology. The main driver for this solution is the simple fact that when users sit on an individual page for an extended period of time, they are redirected to our CAS server and back to the page itself which results in all of the form inputs being cleared as if the user did not enter any information (i.e. losing the ViewState/control state). With that being said I was exploring other options such as:
Using HTML localStorage to store a JSON string of all values on the page that can be parsed into an object and loaded into the form later if needed.
Even though this solution allowed me to store values on each page in individual key/value pairs (page instance 1 in localStorage[ID1], page instance 2 in localStorage[ID2] etc.), there was still a limitation on the server side of validating which page the user is saving. Right now I am using the session to maintain which form the user is viewing ie. the user is only associated with 1 page. To continue the example, the session information would result in the user being associated with either localStorage[ID1] or localStorage[ID2], not both ---which is precisely my problem. I need to communicate from the client-side which one page is to be saved. I've explored the following options, and come up with the following questions:
A static class that contains a static collection of objects on the server side storing which users have which pages open--> problem: communicating which page is actually being saved.
Dynamically rendering my save buttons with IDs that include an encrypted version of the page identifier at hand.
Storing the current value being edited in the Querystring
A cookie value that stores the value of the ID that the user wishes to change on post back-->how will the cookie get its value--especially when an ID is new (user is filling out form for the first time)?
I may be over complicating this and I know there is an easier way.
Many sites solve this problem by displaying a dialog when the user has sat on the page too long, asking if they still want to maintain their session. If the user doesn't click "Yes", then lose the session.
Another solution would be to permit a user who knows he's going to not use the page for a while to save the results so far and to restore them later, and continue.
Before proceeding with a technological solution, I'd try to find out why the users are sitting on the page so long. Whatever their reason is, you'll want to try to accommodate it if it's a good reason.
If the reason is "because we don't really care about your page and just didn't bother to close it", then your current solution works fine.
I just wanted to close out my own issue. I will resolve my problem by storing encrypted values in the query string to maintain page state. From there I will all values the user enters on the page within stringified json objects within localStorage. For example: page 1 with id: aa will have one key value pair within localStorage in the format [appName_pageId]. Page 2 with id bb will have a similar key value pair. If the user gets redirected to our CAS server and lands back on my page with all values cleared, I will be able to load the correct inputs from localStorage based on the value in the query string parameter (aa or bb). The important principle to remember here is that central control belongs on the server and distributed control should be done on the client.
So I have an ASP.Net website. I'm trying to make it where the owner of the website can change a portion of her website that is just text. I was thinking to make it a string variable that she can change on one part of the website and it posts on the other part. I tried looking at [this page](http://msdn.microsoft.com/en-us/library/vstudio/ms178139(v=vs.100).aspx"A link to Cross Page posting with ASP.Net Webpages") and the directive it tells me to include isn't recognized. I can get the variable to change and display on the page I changed it with, but have no idea how to make it to where I can use it on another page.
In order to have changes maintained across sessions and application restarts the data will need to be written out to persistent storage. Typically that would be a database, or for simple systems, one or more files.
If you are going allow modification of the site then there are security concerns. A common scenario would be to have an administrative login that allows access to the underlying data.
We have a Review System in place where I work. A manager selects an employee to review, which then sets the EmployeeID as a Session["EmpID"] variable. Now, the manager can enter in the information for the said employee.
Our Issue:
When a manager opens another tab or window in the browser (ie. Internet Explorer), searches for a different employee, it sets Employee #2 ID as the Session["EmpID"] variable, over-writing the first one. When the manager switches back to Employee #1 and enters information, they believe they are entering information for #1, however it enters it as #2 since they selected it last.
Does anyone have ideas to prevent this from happening?
When using tabbed browsing you actually use the same asp.net session, and therefore, if you don't uniquely seperate one page's cache from the others, you get the same data.
If your pages uses the session to store data, use a unique identifier (such as a GUID) as a prefix for the key. Store the guid in a hiddenfield or in the ViewState.
Maybe it'll suffice to store the EmpID in the ViewState. Then Tab1 will keep it's value even if Tab2 had another value.
ASP.NET session id shared amongst browser tabs
Way around ASP.NET session being shared across multiple tab windows
http://forums.asp.net/t/1227829.aspx/1
It sounds more feasible to store the empID in a hidden field/tag in the contents of the page. Save your record based off that string record = span.innerText , because that will be on the page not the session