What are the pitfalls of using SessionID to keep track of guets and members logged in
Hello,
I have a problem here. I thought perhaps using a database to keep track of guests and members would be the solution. My Goal is to give me the number of guests and number of members as well which members are on TWO sites. What I have now is I have
on SessionBegin (When a user first visits a site)
InsertRecord in DB / SessionID(Session.SessionI
on Login (when the user logs in)
Update Record UserID = UserID, ClientID = ClientID Where SessionID = SessionID
Logout (user logs out and is now a guest)
Update Record UserID = Null, ClientID = Null Where SessionID = SessionID, Set EndTime
on SessionEnd (user has left or has timeout after 60 mins)
Update Record ActiveSession = 0 Where SessionID = SessionID, Set EndTime
ALSO We have a page that sits in between the two sites (CBT and SG) called InterAppComm.
When a user leaves one site to go to the other via this page I call Session.Abandon (Which calls SessionEnd) and redirect to the other site.
If the user is logged in I still call Session.Abandon and Log the User in on the other end expecting that the SessionID inserts a new record of the Logged in User. Keeping in mind every time they leave the site to go to the other Call Session.Abandon because we want to keep track of only one instance of them. So only ActiveSession is kept for the user.
When I want to get all the members logged in I query give me users Where UserID is not Null and Active Session = 1
and to get all guests get me users where ActiveSession = 1 and UserID is Null
ActiveSession is set to 0 (meaning they left the party) when they are inactive by timing out the 60 minute period, when they leave CBT site to go to the SG or vice versa (or we have duplicates users)
When testing, we are able to login CBT, switch to SG and see we are logged in , in the list of members logged in page, when we logout we get sent back to CBT and are logged out, when we try Log back in, this is where the problem is because it doesn’t update the record or insert a new one based on the SessionID
What I am trying to understand is if I am using the SessionID correctly and the whole concept of Sessions, Session.Abandon, etc.
I feel my logic is sound, however the actions maybe out of step or how I am using them is wrong or even the order of steps is incorrect. I feel that this would work on a single application but because we have two there is some break somewhere.
I stepped through my code to ensure there are no errors and no SQL exceptions.
Also I have
<sessionState mode="InProc" cookieless="false" timeout="60" regenerateExpiredSessionId
any help is greatly appreciated..
I have a problem here. I thought perhaps using a database to keep track of guests and members would be the solution. My Goal is to give me the number of guests and number of members as well which members are on TWO sites. What I have now is I have
on SessionBegin (When a user first visits a site)
InsertRecord in DB / SessionID(Session.SessionI
on Login (when the user logs in)
Update Record UserID = UserID, ClientID = ClientID Where SessionID = SessionID
Logout (user logs out and is now a guest)
Update Record UserID = Null, ClientID = Null Where SessionID = SessionID, Set EndTime
on SessionEnd (user has left or has timeout after 60 mins)
Update Record ActiveSession = 0 Where SessionID = SessionID, Set EndTime
ALSO We have a page that sits in between the two sites (CBT and SG) called InterAppComm.
When a user leaves one site to go to the other via this page I call Session.Abandon (Which calls SessionEnd) and redirect to the other site.
If the user is logged in I still call Session.Abandon and Log the User in on the other end expecting that the SessionID inserts a new record of the Logged in User. Keeping in mind every time they leave the site to go to the other Call Session.Abandon because we want to keep track of only one instance of them. So only ActiveSession is kept for the user.
When I want to get all the members logged in I query give me users Where UserID is not Null and Active Session = 1
and to get all guests get me users where ActiveSession = 1 and UserID is Null
ActiveSession is set to 0 (meaning they left the party) when they are inactive by timing out the 60 minute period, when they leave CBT site to go to the SG or vice versa (or we have duplicates users)
When testing, we are able to login CBT, switch to SG and see we are logged in , in the list of members logged in page, when we logout we get sent back to CBT and are logged out, when we try Log back in, this is where the problem is because it doesn’t update the record or insert a new one based on the SessionID
What I am trying to understand is if I am using the SessionID correctly and the whole concept of Sessions, Session.Abandon, etc.
I feel my logic is sound, however the actions maybe out of step or how I am using them is wrong or even the order of steps is incorrect. I feel that this would work on a single application but because we have two there is some break somewhere.
I stepped through my code to ensure there are no errors and no SQL exceptions.
Also I have
<sessionState mode="InProc" cookieless="false" timeout="60" regenerateExpiredSessionId
any help is greatly appreciated..
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Still need a little more info here,
I removed the Session.Abandon when the user moves from sub domain to sub domain:
www.stopsmokingcenter.net -> sg.stopsmokingcenter.net (removed session abandon)
This seemed to to correct the issue and the users logged in were correctly being removed when the user logs out or when the user times out.. but ive returned to this cause someone noticed this issue..
there are instances when the user remains on the list .. my guess is when Session_END is called and goes to the database to remove the record of the user where the SessionID = @SessionID it does not find it and leaves members displayed as logged in.
On Session_Start Set a variable; Session("Start") = Now ; I've read this ensures that the sessionID is static.
I am doing this on both sub domains www & SG; what behavior does this cause?
Can the session-ID change when visiting both sub domains?
I was thinking of storing a simple userClass object in the Session that stores the ClientID and UserID so when the Session_Ends. and the record does not match where the SessionID = @SessionID then I still have the UserID and CLientID (which is set when they login) to match the record and remove it.
Any more information on this scenario is greatly appreciated.
I removed the Session.Abandon when the user moves from sub domain to sub domain:
www.stopsmokingcenter.net -> sg.stopsmokingcenter.net (removed session abandon)
This seemed to to correct the issue and the users logged in were correctly being removed when the user logs out or when the user times out.. but ive returned to this cause someone noticed this issue..
there are instances when the user remains on the list .. my guess is when Session_END is called and goes to the database to remove the record of the user where the SessionID = @SessionID it does not find it and leaves members displayed as logged in.
On Session_Start Set a variable; Session("Start") = Now ; I've read this ensures that the sessionID is static.
I am doing this on both sub domains www & SG; what behavior does this cause?
Can the session-ID change when visiting both sub domains?
I was thinking of storing a simple userClass object in the Session that stores the ClientID and UserID so when the Session_Ends. and the record does not match where the SessionID = @SessionID then I still have the UserID and CLientID (which is set when they login) to match the record and remove it.
Any more information on this scenario is greatly appreciated.
ASKER
I also have this in my web.config.
<sessionState mode="InProc" cookieless="false" timeout="60" regenerateExpiredSessionId
should regenerateExpiredSessionId
<sessionState mode="InProc" cookieless="false" timeout="60" regenerateExpiredSessionId
should regenerateExpiredSessionId
ASKER
I thought in order to store my user Object and keep the session over the two sub domains would I need to do something like this
In the Global.asax file:
void Application_EndRequest(obj
{
if (Response.Cookies["ASP.NET
{
Response.Cookies["ASP.NET_
}
}
In the Global.asax file:
void Application_EndRequest(obj
{
if (Response.Cookies["ASP.NET
{
Response.Cookies["ASP.NET_
}
}
Visual Basic.NET
Visual Basic .NET (VB.NET) is an object-oriented programming language implemented on the .NET framework, but also supported on other platforms such as Mono and Silverlight. Microsoft launched VB.NET as the successor to the Visual Basic language. Though it is similar in syntax to Visual Basic pre-2002, it is not the same technology,
96K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Or is on Session_Begin Called. Cause this may help with my problem cause im calling Session.Abandon and redirecting the user to the other site.