What are the pitfalls of using SessionID to keep track of guests and members logged in
Posted on 2011-10-07
I have a problem here. I thought perhaps using a database to keep track of guests and members would be the solution. My goal is to get the number of guests and the number of members, as well as which members are on TWO sites. What I have now is:
on SessionBegin (When a user first visits a site)
InsertRecord in DB / SessionID(Session.SessionID) / UserID (null) / ClientID (null) / ActiveSession(True) / StartDate/EndDate
on Login (when the user logs in)
Update Record UserID = UserID, ClientID = ClientID Where SessionID = SessionID
Logout (user logs out and is now a guest)
Update Record UserID = Null, ClientID = Null Where SessionID = SessionID, Set EndTime
on SessionEnd (user has left or has timeout after 60 mins)
Update Record ActiveSession = 0 Where SessionID = SessionID, Set EndTime
ALSO We have a page that sits in between the two sites (CBT and SG) called InterAppComm.
When a user leaves one site to go to the other via this page I call Session.Abandon (Which calls SessionEnd) and redirect to the other site.
If the user is logged in I still call Session.Abandon and log the user in on the other end, expecting that the SessionID inserts a new record of the logged-in user. Keep in mind that every time they leave the site to go to the other I call Session.Abandon, because we want to keep track of only one instance of them. So only ActiveSession is kept for the user.
When I want to get all the members logged in, I query: give me users where UserID is not Null and ActiveSession = 1,
and to get all guests: get me users where ActiveSession = 1 and UserID is Null.
ActiveSession is set to 0 (meaning they left the party) when they are inactive by timing out the 60 minute period, or when they leave the CBT site to go to SG or vice versa (or we have duplicate users).
When testing, we are able to log in to CBT, switch to SG and see we are logged in, in the list of members logged in page. When we log out we get sent back to CBT and are logged out. When we try to log back in, this is where the problem is, because it doesn't update the record or insert a new one based on the SessionID.
What I am trying to understand is if I am using the SessionID correctly and the whole concept of Sessions, Session.Abandon, etc.
I feel my logic is sound; however, the actions may be out of step, or how I am using them is wrong, or even the order of steps is incorrect. I feel that this would work on a single application, but because we have two there is some break somewhere.
I stepped through my code to ensure there are no errors and no SQL exceptions.
Also I have
<sessionState mode="InProc" cookieless="false" timeout="60" regenerateExpiredSessionId="true"/> in the webconfig.
Any help is greatly appreciated.
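
The tracking table and events described in the question, as an added sketch that is not part of the original post or the poster's code: a SQLite model in Python of SessionBegin, Login, Logout and SessionEnd with the two counting queries. The table name SessionLog, the Id column, the session id strings and the choice to insert a fresh row when a login finds no open row are assumptions; they cover a SessionID value arriving again after its row was closed, which can happen in ASP.NET because Session.Abandon does not by itself remove the session-ID cookie from the browser.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE SessionLog (Id INTEGER PRIMARY KEY, SessionID TEXT NOT NULL,
        UserID INTEGER, ClientID INTEGER, ActiveSession INTEGER NOT NULL DEFAULT 1,
        StartDate TEXT DEFAULT CURRENT_TIMESTAMP, EndDate TEXT)""")
    return db

def session_end(db, sid):
    db.execute("UPDATE SessionLog SET ActiveSession = 0, EndDate = CURRENT_TIMESTAMP "
               "WHERE SessionID = ? AND ActiveSession = 1", (sid,))

def session_begin(db, sid):
    # A SessionID seen before gets a fresh row; a closed row is never reopened.
    session_end(db, sid)
    db.execute("INSERT INTO SessionLog (SessionID) VALUES (?)", (sid,))

def login(db, sid, user_id, client_id):
    sql = ("UPDATE SessionLog SET UserID = ?, ClientID = ? "
           "WHERE SessionID = ? AND ActiveSession = 1")
    if db.execute(sql, (user_id, client_id, sid)).rowcount == 0:
        # No open row for this id (SessionBegin never ran for it): insert, then retry.
        session_begin(db, sid)
        db.execute(sql, (user_id, client_id, sid))

def logout(db, sid):
    db.execute("UPDATE SessionLog SET UserID = NULL, ClientID = NULL, "
               "EndDate = CURRENT_TIMESTAMP WHERE SessionID = ? AND ActiveSession = 1", (sid,))

def counts(db):
    members = db.execute("SELECT COUNT(DISTINCT UserID) FROM SessionLog "
                         "WHERE ActiveSession = 1 AND UserID IS NOT NULL").fetchone()[0]
    guests = db.execute("SELECT COUNT(*) FROM SessionLog "
                        "WHERE ActiveSession = 1 AND UserID IS NULL").fetchone()[0]
    return members, guests

def run_scenario():
    # Constructed walk-through of the CBT -> SG -> CBT round trip from the post.
    db, seen = open_db(), []
    session_begin(db, "sid-cbt"); login(db, "sid-cbt", 7, 1)
    seen.append(counts(db))                  # member on CBT
    session_end(db, "sid-cbt")               # InterAppComm: Session.Abandon
    session_begin(db, "sid-sg"); login(db, "sid-sg", 7, 2)
    seen.append(counts(db))                  # member on SG
    logout(db, "sid-sg"); session_end(db, "sid-sg")
    login(db, "sid-cbt", 7, 1)               # old id comes back with no open row
    seen.append(counts(db))
    return seen, db.execute("SELECT COUNT(*) FROM SessionLog "
                            "WHERE SessionID = 'sid-cbt'").fetchone()[0]
```

Every UPDATE is scoped to the open row (ActiveSession = 1), so a closed row keeps its history and the re-login produces a second row for the same SessionID instead of silently matching nothing.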