Solved

Using the Global.asax file

Posted on 2008-06-23
11
1,030 Views
Last Modified: 2010-04-21
Hi,
How do I call a method on one of my .aspx pages from my global.asax page?
For example I have the method Logout() on my default.aspx page.
When the Session_End event fires on the global.asax page, I'd like it to call the Logout() method from the default.aspx page.
0
Comment
Question by:P1ST0LPETE
  • 6
  • 5
11 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 21849136
Not so fast Session_End can and will fire without a specific user request hitting the server.  If your goal here is to logout the user, destroy any cookies, etc., you can't do this from this method.
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 21849352
Ok, maybe I need a different approach then.  What I basically need is a way to capture if a user has closed the browser or tab containing my website without logging out first, so that I can log the account out.  Would using page unload be a better option?
0
 
LVL 33

Expert Comment

by:raterus
ID: 21849431
When you say log out the user, exactly what do you want to happen?

You can catch the closing of the tab/window by something like this <body onunload="someFunction();">.  However the minute you try to request another page, it going to be popup blocked, guaranteed!  You also will have a very hard time trying to figure out is the the last window they have open to your site?  I can tell you for one, I like to open up a site into multiple tabs, and if I closed one and you logged me out, even though I had two other windows open, I'd be rather unhappy.

You really should revisit how to gracefully clean up / log out a user from the server, and forget their client browser.
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 21849607
Good Points.

Quote: "When you say log out the user, exactly what do you want to happen?"

My user table on the Database has a column titled "Status".  Currently when a user successfully logs in, an update statement is passed to the database to set the value of Status = online for that specific user.  When that user clicks the logout button to logout, a update statement is passed to the database to set Status = offline.  Ive done this, so that when the site admin has logged in, he/she can check and see how many users are currently logged in, and what the specific names of the users are.  However, under this setup, if a user doesnt properly logout, then the update statement is not being passed to the database to set Status = offline, and the user appears to always be online.

There are probably better ways to go about doing this......
Im definitely open to better ideas, as Im a new, inexperienced programmer - However, Im thinking my method would suffice if I could somehow get an event to trigger when a user exited my website without properly logging off.
0
 
LVL 33

Expert Comment

by:raterus
ID: 21849848
I think you're right on about putting this in Session_End, I just wanted to clarify with you that this isn't tied to a specific request on behalf of the user, so you don't have access to the Request/Response objects.  However you should be able to get the username and run some last minute code to change the status.

As for actually running this code, I'd move the LogOut code to somewhere in App_Code, and have both your logout page and Session_end call the same method.

You also might want to make sure in Application_Start, you set all users to the logged out status, because if your application abruptly restarts (like when you put out a new version), you can have issues there.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 21849911
Hmm, I've never put code into App_Code before, or called upon code from there, but it makes sense and is right along the lines of what I was just thinking.  What I was just about to test was, simply copying the same lines of code I have in my Logout() method and putting them into Session_End().  However, following your advice and putting the code into App_Code would seem to be the correct way to do it, I'm just not sure how.
0
 
LVL 33

Expert Comment

by:raterus
ID: 21849979
You put classes into App_Code, and that gets into the whole discussion of object-oriented programming.  If you post your logout code, I can probably tell you how to best put this in App_Code.
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 21849993
When does Application_Start actually run?

Also, in testing I have the code from Logout() now in Session_End(), however, when testing it seems that the users is still logged in.  I'm assuming that this is because the session state is set to a default timeout of 20 min, and I'm am testing too soon, before the timeout takes place.  Does this sound correct?  If this is the case, does the server hold and run the lines of code found in Session_End() when the timeout finally occurs?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 21850012
Logout code below:
protected void Logout(object sender, EventArgs e)

    {

        string privateID = Session["PrivateID"].ToString();

        string statusSQL = "UPDATE [Users] SET [LogStatus] = 'OFF' WHERE [PrivateID] = '" + privateID +"'";

        SqlCommand statusCMD = new SqlCommand(statusSQL, conn);

        conn.Open();

        statusCMD.ExecuteNonQuery();

        conn.Close();
 

        Session.Clear();

        Response.Redirect("http://www.mycompany.com", true);

    }

Open in new window

0
 
LVL 33

Accepted Solution

by:
raterus earned 500 total points
ID: 21850059
Application_Start runs on the first request to the application

Yes, you'll need to wait at least 20 minutes until you test, and remember, if you refresh too soon, your session timeout will renew, and you'll have to wait even longer.

The only thing you can't have in the Logout code if you put it in app_code is the Response.Redirect at the end.  You can keep this in the Logout page though

I'd use a shared function

public class AppFunctions()
{
  public static void Logout()
  {
        string privateID = Session["PrivateID"].ToString();
        string statusSQL = "UPDATE [Users] SET [LogStatus] = 'OFF' WHERE [PrivateID] = '" + privateID +"'";
        SqlCommand statusCMD = new SqlCommand(statusSQL, conn);
        conn.Open();
        statusCMD.ExecuteNonQuery();
        conn.Close();

  }
}

Then in your logout page you'd use
AppFunctions.Logout();
Response.Redirect("http://www.mycompany.com", true);

and in Session_End you'd simply call
AppFunctions.Logout();
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31469846
Makes sense, thanks for the help.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now