SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Mentor NightStalker-DNS's Avatar
    Join Date
    Jul 2004
    Location
    Cape Town, South Africa
    Posts
    2,873
    Mentioned
    44 Post(s)
    Tagged
    0 Thread(s)

    Users online session expiry

    Hi there

    We have a users online section on our website. Below is the code for the global.asax

    After playing around with the code for some time,we have a pretty stable solution.We opted to store the online users in a database to make it more stable.
    The user gets inserted into the database everytime he logs in at the logon page.
    The only problem is that everytime we update our app_code,all of the users online dissapear.

    The session_start code was implemented to try and stabalize the system a bit---it is technically not needed cause users are inserted into the database on the logon page.
    It was implemented for when the Formsauthentication hasnt expired,but the session has.
    According to the code below,shouldn't the database entry be re-inserted if session expires because of recompilation of app_code?
    Any help would be greatly appreciated.

    Code:
    void Session_Start(object sender, EventArgs e) 
        {
           //the person is still logged in--only his session expired because of app_code--re-insert him into the database
           if (User.Identity.Name!="")
            {
              
        }
        }
    Does anybody have any ideas on how to fix this?
    As i have said, it works pretty well unless you change anything on the app_code.


    Code:
    <script runat="server">
    
        void Session_Start(object sender, EventArgs e) 
        {
           if (User.Identity.Name!="")
            {
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
                SqlCommand checkOnlineCmd = new SqlCommand("Select * from OnlineUsers where username=@username", con);
                checkOnlineCmd.Parameters.AddWithValue("@username", User.Identity.Name);
                con.Open();
    
                SqlDataReader reader = checkOnlineCmd.ExecuteReader();
                if (!reader.Read())
                {
                    reader.Close();
                    checkOnlineCmd.CommandText = "Insert into OnlineUsers(sessionID,username) values('" + Session.SessionID + "',@username)";
                    checkOnlineCmd.ExecuteNonQuery();
    
                }
                con.Close();
            }
            
    
        }
    
        void Session_End(object sender, EventArgs e) 
        {
    
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
            SqlCommand deleteOnlineUserCmd = new SqlCommand("Delete from OnlineUsers where sessionID=@sessionID", con);
            con.Open();
            deleteOnlineUserCmd.Parameters.AddWithValue("@sessionID", Session.SessionID);
            deleteOnlineUserCmd.ExecuteNonQuery();
            deleteOnlineUserCmd.Dispose();
            con.Close();
           
            //FormsAuthentication.SignOut();
    
        }
           
    </script>

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Sep 2002
    Location
    Cleveland, Ohio, USA
    Posts
    1,494
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First off, I strongly suggest moving your database code out to a place that is just for data access, either in App_Code or a class library or something. It makes your code easier to read.

    Your code is at odds with the way that ASP.NET handles sessions internally. You can't rely on it, or session ID's. A better way is to circumvent it entirely by creating your own ID's and storing them in a cookie, and comparing those ID's to the database. Then you need a static Timer (do this in an HttpModule) that runs every so often to clean out the dead sessions based on time.

    I've got an implementation of this in my forum app (link in sig) if you'd like to take a look. Look in the class library in the security namespace, and the HttpModule (in UI/HttpModules) that has the timer.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •