I'm looking to create a simple web form, and I would like to "discourage" users from filling a form out multiple times. The metrics of the form are used for statistical analysis, and each time a user fills out and resubmits the form, the result set usually changes, and hence analysis.
While we don't want to BLOCK re-trys (knowing that a re-try was done is also valuable information), we do want to warn users: "Hey, it looks like you filled this out recently. Are you sure you want to fill it out again?"
The caveat here is that we want to minimize the amount of personably identifiable information collected.
Is storing a cookie with the clients IP the best/simpliest way to do this? Or is there a simple method for caching an IP server-side for xx amount of time so we can run a comparison to says "hey, I think this guy tried to access me earlier today. I should present a warning".
Cookie with constant value should be enough, not even IP. If user did not cleared cookies you'd know that the user already filled out the form.
On easy solution I've used before is to put an invisible timestamp in the HTML form the user fills out. If you get submitted the same timestamp twice, you know its a re-submittion.
If you're worried about tampering, you can always mix up/encrypt the timestamp.
This could also just be a random unique identifier, I chose a timestamp in order to know how long a user took filling out a form (roughly).
This is basically like a session cookie, but might be considered more "private" as theres nothing for a client's computer to remember so it can't be used as like some tracking cookies ad sites.
The downside is that this method requires that a client/proxy not cache the form as it "changes" every request.
There are two issues here the user clicking the submit button multiple times, and the user filling in the form at another point in time.
For the second I can see two quite simple solutions would recommend a session cookie, just cookie the users machine and don't let them see the form again, or ask for a piece of information like email address and then check in the DB if its been used before, if so disregard the new form details.
For the multiple form submit you can use this code, which will disable the button onclick.
//
// Disable button with no secondary JavaScript function call.
//
public static void DisableButtonOnClick(Button ButtonControl)
{
DisableButtonOnClick(ButtonControl, string.Empty);
}
// Disable button with a JavaScript function call.
//
public static void DisableButtonOnClick(Button ButtonControl, string ClientFunction)
{
var sb = new StringBuilder(128);
// If the page has ASP.NET validators on it, this code ensures the
// page validates before continuing.
sb.Append("if ( typeof( Page_ClientValidate ) == 'function' ) { ");
sb.Append("if ( ! Page_ClientValidate() ) { return false; } } ");
// Disable this button.
sb.Append("this.disabled = true;");
// If a secondary JavaScript function has been provided, and if it can be found,
// call it. Note the name of the JavaScript function to call should be passed without
// parens.
if (!String.IsNullOrEmpty(ClientFunction))
{
sb.AppendFormat("if ( typeof( {0} ) == 'function' ) {{ {0}() }};", ClientFunction);
}
// GetPostBackEventReference() obtains a reference to a client-side script function
// that causes the server to post back to the page (ie this causes the server-side part
// of the "click" to be performed).
sb.Append(ButtonControl.Page.GetPostBackEventReference(ButtonControl) + ";");
// Add the JavaScript created a code to be executed when the button is clicked.
ButtonControl.Attributes.Add("onclick", sb.ToString());
}
Related
Im trying working on a web app project and trying to figure out how to display my answer on the second web page.
I have put a a text box on my first webpage and have corrected the coding of my application as I have received the correct answers in the textbox after I have debugged it.
Ideally I want to remove this textbox and want my answers which I managed to display on my textbox displayed on a label in the next webpage. Here is the calculation part of my code;
var cost = ((int)duration.TotalMinutes) * 0.35m;
txtCost.Text = cost.ToString("c");
I'd like to make my answer appear in my second webpage and not have it displayed in the first. I have tried using Session["Cost"] = cost; on the button click event handler of the first webpage double cost = (double)(Session["Cost"]);
lblDisplay.Text = cost.ToString("c");
and this on the second webpage but every time I Debug it and run I always get $0.00 displayed on my label. Can someone help me fix this?
Sharing value between two views in MVC application, try following
// To save into the Cache
System.Web.HttpContext.Current.Cache["CostKey"] = cost;
// To retrieve Cache Value
var cachedValue = System.Web.HttpContext.Current.Cache["CostKey"] as double;
For Session State, have a look at this link
In ASP.NET WebForms application, you can pass data around in various ways:
Cache
See the Learning Curve answer for examples.
However, the object put in the cache is not guaranteed to be found again if the server experiences memory shortage or alike. The ASP.NET manages the cache and evicts objects on its own to maintain memory availability. This is in contrast with ApplicationState and SessionState where the objects are kept until they are removed manually, or the Application ends or Session expires.
Session and Application states
You can put any object in the SessionState object and retrieve it elsewhere in your code. However, you need to cast it appropriately as the SessionState accepts object-s. E.g. if you store a number, when you retrieving it, you must do the casting yourself, just as you already did it.
The reason it doesn't work, is perhaps you're trying to retrieve it from within another user's SessionState. Yes, the SessionState is a per-user structure. If you need to add the value as from one device and use it on another, use ApplicationState:
Application["cost"] = cost;
Redirecting Response
Using this technique, you could force the browser to request another page from the server and specify the full query string, including the variables you need. E.g. :
var destination = Server.UrlEncode("/someOtherPage.aspx?cost=34.65");
Response.Redirect(destination);
As an alternative, you can use Server.Transfer("someOtherPage.aspx") to save the roundtrip. However, in that case, the browser doesn't change the address in the address bar so the user is misled that she browses one page, but in fact, it is the someOtherPage.aspx.
Session["SelectedRecords"] is used to contain the Id's of selected records, e.g.
SelectedRecords: 1108392 1108393 1108394
When I fire an ajax post that removes an id from the Session["SelectedRecords"] which as far as server side is concerned successfully removes the ID from Session["SelectedRecords"]...
List<int> ids = SessionHelper.GetSelectedRecordIds();
ids.Remove(selectedItemModel.Id);
string csv = string.Join<int>(",", ids);
this.Session["SelectedRecords"] = csv;
using an onSuccess/onRequestEnd event I then use console.log to output the Session["SelectedRecords"] to check.
function onRequestEnd(e) {
console.log('onRequestEnd SelectedRecords: ' + #Session["SelectedRecords"]);
}
But the console.log shows that Session["SelectedRecords"] (as far as the client is concerned still contains the removed id?!)
So the question is when I remove a value from Session["SelectedRecords"] via an ajax post and afterwards access Session["SelectedRecords"] in the view, the view is reporting 'old' values i.e. not the latest values?!
Generally, when you have one object in Session and you POST a delete, you have to remove it also from the Session. This is done like below:
Session.Remove("key");
where key is the unique key you have used to store the item in the Session.
However, in your case this will not work. You have to do two things:
Remove the SelectedRecords from the Session.
Add the new SelectedRecords (without the one record you deleted with your POST) to the Session.
After doing this (which after your update it seems you already have this logic in your code), you have to return back to the client the new SelectedRecords and replace the old value with the new.
Something like this:
$("#selectedRecords").val(newSelectedRecords)
The above should be executed in the success callback of your AJAX call.
I am currently trying to allow users to "personalize" their background-image on a website I've created with C#-ASP.net. I imagined as far as that I create a if statement, checking if the currently logged in user matches with the session variable created when logging in, and if it does, it allows him to change his/her background-image. Before I did this, I also thought that the best way of testing if it would work that way is to try to write out the content of the session variable directly onto the page. Thats where the issue come in. All I am getting is the "name" of the session variable and nothing else. How can I get this changed?
The code below is pretty much what I've tried with the session variables this far
<%
// User with the name of "Bob" is logged in with code further up
var login_username = Request["login_username"];
Session["loggedIn"] = login_username;
Response.Write(Session["loggedIn"]);
// Results in it writing out "loggedIn".
// Expected "Bob".
%>
I'm going to be fair, I have no idea if this is enough for anyone to give me a hand and If I am even on the right track, but thats that. If theres a better way of doing this, I'm up for suggestions.
At the time of logging in, store your username into a session variable,
for eg: Session["loggedIn"] = username
Then, read the session value to a label text using
Convert.ToString(Session["loggedIn"]
Alternatively, one can write Response.Write(Session["loggedIn"]); to get the string of the variable.
Is there a way to pass a parameter to a controller without putting it on the URL?
For example,
http://www.winepassionate.com/p/19/wine-chianti-docg-la-moto
has the value 19 on the URL. If you actually change that value to another, the page displays a different record even it the page name remains the same.
So I would like to NOT pass the ID on the URL but still be able to pass that to the Controller.
What's the recommended way to do so?
You can do a post and send it as a form parameter. I do not recommend this. Posts should be for requests that modify data. In this case you're most likely looking just to get that data. The fact that the id is in the URL is a good thing (see the Stack Overflow URLs for reference). If you really don't want the user to be able to modify it (I hope it's not because you think this makes it more secure, because it doesn't), you could do some simple encryption on it to make it more difficult to guess/produce a valid ID.
Using TempData, as some other suggest, is not a robust solution. It won't work for links on a page, just a GET after POST, and then only once since TempData is deleted after the next request.
Well, you have a couple of options:
Is this a form post? If so, then you can simply add a specific key value pair to your form when you submit it and then data will be passed along.
Is the URL unique to that resource? i.e. Does "Wine-chianti-docg-la-moto" exist as a unique representation of the number 19 in a database somewhere? If so, then you can simply do a lookup of that route component in your database to retrieve the value you need (or push that logic all the way down to the database).
Is that a value that is not expected to change a bunch? You can set that value in Session or in a cookie that would be persisted across pages and then pull it from the respective collection.
Are you redirecting to this page from another request on your server? If so, then you can use TempData to store this temporary value. However, I would recommend against this approach, as it is very transient and not good practice imo.
Lastly, you can obscure the value on the URL if you dont want it to be easily user editable. Encrypt it with some algorithm, and then decrypt it on the destination page. The user will be unlikely to be able to alter the ID by typing in a different value in the URL.
If the page is a GET, and you are following the PRG like you should be (Post-Redirect-Get) then you can use TempData["dataName"] = value; in your [HttpPost] controller and then consume it in your [HttpGet] method. It really depends on how the page is being called.
However, there is nothing wrong in letting the user change that number if it is not security related, and is common practice to show non-vital information in the url like that.
You should use TempData in this case. A good read on this can be found on this blog.
TempData allows you to store a value temporarily between requests and is, by default, erased after being accessed.
// TempData samplepublic ActionResult Featured(){ var featuredProduct = new Product { Name = "Assorted Cupcakes", Description = "Delectable vanilla and chocolate cupcakes", CreationDate = DateTime.Today, ExpirationDate = DateTime.Today.AddDays(7), ImageName = "cupcakes.jpg", Price = 5.99M, QtyOnHand = 12 };
I have 2 webforms with 1 ListBox Control on each of them.
How do I access the Listbox that's located on webformA from webformB?
For example I wish to declare something like this string name = ListBoxWebformA.SelectedValue.ToString(); on WebFormB, so that I can work with that value in the code of WebFormB.
The ListBox on WebFormA lists several names.
When I select a name from the listbox and press the OK button I call Response.Redirect("~/WebFormB.aspx");
So from WebFormB I wish to access this "name" by putting the selected value into a string.
Based on your edit, the easiest (possibly best) way to go about doing this will not be to try to maintain a stateful instance of webformA during the request to webformB. Once the user is redirected, assume that webformA is gone.
Instead, when you're about to perform the Response.Redirect() to webformB, include in some way the value from webformA that you wish to pass along. The easiest way to do this will be on the query string. Something like:
Response.Redirect(string.Format("~/WebFormB.aspx?name={0}", HttpUtility.UrlEncode(ListBoxWebformA.SelectedValue.ToString())));
Then, in webformB you can access the value:
string name = Request.QueryString["name"];
Note that you'll want to do some error checking, etc. Make sure the value is actually selected before appending it to the redirect URL on webformA, make sure Request.QueryString["name"] contains a value before using it in webformB, etc.
But the idea in general is to pass that value along, by query string or POST value or Session value or some other more stateful means, when redirecting from one form to the other.
I guess you have to resort to either passing the value from A to B in the query string or storing the value in Session and reading afterwards.
So would be a
Response.Redirect(string.Format("~/WebFormB.aspx?YourVariable={0}",HttpUtility.UrlEncode(ListBoxWebformA.SelectedValue));
and you can read it in Form B like
Request.QueryString["YourVariable"]
If the values are not sensitive this approach above would be the best.
If they are... To store in Session:
Session["YourVariable"] = ListBoxWebformA.SelectedValue
And to read...
if (Session["YourVariable"] != null) {
var listAValue = Session["YourVariable"].ToString()
}