469,628 Members | 1,091 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,628 developers. It's quick & easy.

Detecting when the user moves away from two particular pages

Hi everyone,

I'm having a frustrating problem and I don't know how to fix it without
totally redoing a very complicated couple of pages on my site. I really hope
some kind soul can help me :-)

Its a very simple situation:

I have 1 page that serves to create and update users and another page to add
roles to the user.

In order to keep the state as the user moves back and forward between these
two pages, I've made a session entity class that I add to the Session when
moving between these two particular pages.

Thats all fine.

When the user arrives at the Create/Update page, it checks to see if the
session entity exists. If it does, then it loads the user interface with the
info in the entity object.

Also fine.

The problem occurs when the user comes to the page, half creates a user then
goes away from the page using one of the several links on the page and then
returns to the page.

Because the Session Entity still exists from the last occasion the user was
at the Create/Edit page, the page loads the data from it even when it
shouldnt.

The end result is that the UI gets populated with values that it definately
shouldnt!

My question is generic - how can i stop this from happening? I know people
use Process State objects for managing a multestage process all the time, so
this situation must arise all the time. I'm hoping theres some sort of
design pattern for it.

The only way I can think to prevent the problem is to detect when the user
moves away from the page by using the links on the page and delete the
session object when moving away from the 2 create/update pages.

Does anyone know how I can detect when the user moves away from two
particular pages?

Sorry thats quite a complicated explanation. I really hope someone can help

Thank you

Simon
Nov 18 '05 #1
7 1701
Smart navigation - have you tried using it?

-Demetri

"Simon Harvey" wrote:
Hi everyone,

I'm having a frustrating problem and I don't know how to fix it without
totally redoing a very complicated couple of pages on my site. I really hope
some kind soul can help me :-)

Its a very simple situation:

I have 1 page that serves to create and update users and another page to add
roles to the user.

In order to keep the state as the user moves back and forward between these
two pages, I've made a session entity class that I add to the Session when
moving between these two particular pages.

Thats all fine.

When the user arrives at the Create/Update page, it checks to see if the
session entity exists. If it does, then it loads the user interface with the
info in the entity object.

Also fine.

The problem occurs when the user comes to the page, half creates a user then
goes away from the page using one of the several links on the page and then
returns to the page.

Because the Session Entity still exists from the last occasion the user was
at the Create/Edit page, the page loads the data from it even when it
shouldnt.

The end result is that the UI gets populated with values that it definately
shouldnt!

My question is generic - how can i stop this from happening? I know people
use Process State objects for managing a multestage process all the time, so
this situation must arise all the time. I'm hoping theres some sort of
design pattern for it.

The only way I can think to prevent the problem is to detect when the user
moves away from the page by using the links on the page and delete the
session object when moving away from the 2 create/update pages.

Does anyone know how I can detect when the user moves away from two
particular pages?

Sorry thats quite a complicated explanation. I really hope someone can help

Thank you

Simon

Nov 18 '05 #2
Hello Simon,

You could do an OnUnload handler on each of your pages body tags. This handler would be responsible for creating an HTML-RPC call to null out the Session Entity.

<html>
<head>
<script language='javascript'>
function destroySessionEntity() {
// create your web request here...
}
</script>
</head>
<body onUnload="destroySessionEntity()">
</body>
</html>

--
Matt Berther
http://www.mattberther.com
Hi everyone,

I'm having a frustrating problem and I don't know how to fix it
without totally redoing a very complicated couple of pages on my
site. I really hope some kind soul can help me :-)

Its a very simple situation:

I have 1 page that serves to create and update users and another page
to add roles to the user.

In order to keep the state as the user moves back and forward between
these two pages, I've made a session entity class that I add to the
Session when moving between these two particular pages.

Thats all fine.

When the user arrives at the Create/Update page, it checks to see if
the session entity exists. If it does, then it loads the user
interface with the info in the entity object.

Also fine.

The problem occurs when the user comes to the page, half creates a
user then goes away from the page using one of the several links on
the page and then returns to the page.

Because the Session Entity still exists from the last occasion the
user was at the Create/Edit page, the page loads the data from it
even when it shouldnt.

The end result is that the UI gets populated with values that it
definately shouldnt!

My question is generic - how can i stop this from happening? I know
people use Process State objects for managing a multestage process
all the time, so this situation must arise all the time. I'm hoping
theres some sort of design pattern for it.

The only way I can think to prevent the problem is to detect when the
user moves away from the page by using the links on the page and
delete the session object when moving away from the 2 create/update
pages.

Does anyone know how I can detect when the user moves away from two
particular pages?

Sorry thats quite a complicated explanation. I really hope someone can
help

Thank you

Simon


Nov 18 '05 #3
Don't use smartnav or rely javascript firing on the unload. Both of these
are very unreliable. What if you did not use links between the two pages but
used server.transfer or some other way to transfer the data back. Maybe take
the information out of the session once it has been sent down to the client.
Nov 18 '05 #4
Simon Harvey wrote:
Hi everyone,

[snip]

The problem occurs when the user comes to the page, half creates a
user then goes away from the page using one of the several links on
the page and then returns to the page.

Because the Session Entity still exists from the last occasion the
user was at the Create/Edit page, the page loads the data from it
even when it shouldnt.

The end result is that the UI gets populated with values that it
definately shouldnt!


So basically what you are saying is that you have a script that represents a
process with multiple stages that all accept similar values. So the program
is confused as to how to load these values under certain situations.

I think you should remedy this problem by clearly dilineating your program
into steps represented by one subroutine or function (I'm imagining your
program as one big chunk of logic that displays different things based on
the session, am I right?). Maybe session's aren't the answer in this case,
maybe instead you should pass form post or querystring get values back and
forth from each step that tell your program what's it's supposed to be
doing.

When I have a script with multiple steps I usually key off each step in the
querystring. The first thing my program does is a switch on an "op"
querystring variable, and executes a routine that implements that step. Then
each step passes a new op variable which tells program to implement the next
step. For instance:

Step 1) Show Create User Form: users.aspx?op=viewcreate&f1=1&f2=2 (shows a
form which posts to...)
Step 2) Create User: users.aspx?op=create&f1&f2 (does database calls,
inserts, and redirects to...)
Step 2) Modify User: users.aspx?op=modperms&f1=1&f2=2

So, if someone clicks on another link in the page, and they eventually come
back to your script, all they have is the first op=new link, so the program
knows it's creating a new user, regardless of what's in the person's session
(but it can fill that information in too as it sees fit).

Something of that nature, catch my drift?

Keep in mind I'm also hearing security issues in your problem. I don't think
it's a good idea for users to be in control of the control-flow of your
program by modifying session information when creating and modifying users.
Sounds bad! ;-)

Eric
Nov 18 '05 #5
Hi Everyone,

First a big thanks to all wheo answered my problem. All interesting ideas.
The one that I connect with the most is Eric's.

The one problem I have is the fact that it uses the query string. The reason
that I used the session was because I actually thought it would be more
secure than passing userID's and what not over the wire in a url thats
clearly tamperable.

Is there another way I could maintain the state between pages without using
the query string? Perhaps in a form variable?
Or maybe i could encrypt the querystring as it goes out and unencrypt it on
its way in?

As always, any help very much appreciated

Thanks all

Kindest Regards

Simon
Nov 18 '05 #6
Simon wrote:
Hi Everyone,

First a big thanks to all wheo answered my problem. All interesting
ideas. The one that I connect with the most is Eric's.

The one problem I have is the fact that it uses the query string. The
reason that I used the session was because I actually thought it
would be more secure than passing userID's and what not over the wire
in a url thats clearly tamperable.


That's cool. Yes, querystring is tamperable, and so are hidden form fields,
but the data has to come from somewhere to get into your session, so in a
way your session is tamperable as well! Anything data that comes from user
input is tainted... ;-<

Really you could probably fix it solely with any of the above, hidden form
fields, sessions or querystring with a little craftiness. If I was going to
make a program similar to what you are doing I'd prolly use a combination of
them all.

I might: string the steps together and let the program know what's going on
using a series of querystring variables (I think of the querystring as a
command line argument), pass stateless data between each step using hidden
form variables. And keep any secured user related info in the session (such
as the users login id and password).

The security issues for each field would be highly dependent on what you are
trying to do though, so any of those rules I use for myself might be bent
for the occassion.

What I'm saying is; Your program is basically calling itself right? View
create user, create user, and modify. So wherever in the code it says "If
Session("Username") Then CompleteStep1()" change it to "If
QueryString("step1") Then CompleteStep1()"

Then in the appropriate places where the script passes data from itself to
itself (such as from a form), give it that querystring value or a hidden
form id, so it knows what to do next. It might only require a couple small
changes to accomplish this. If you clearly define all the steps like this,
you might find it easier to validate the users input as well, because you
have more power to send them where you want them since you can change what
step is next concisely in your code.

Eric
Nov 18 '05 #7
Hi Simon,

If I have understood you correctly, you have multiple pages in your
ASP.Net project. When user jumps between two pages (Create/Edit User &
User Roles), you want to maintain certain data which the user might
have entered in create/edit page.

One easy soln. is to use "HTTP_REFERER" in the Page_load event to find
out from which page the user is comming from. If the value of
"HTTP_REFERER" is not the create or role page, then you have achieved
what u reqd.
-Guru

Simon wrote:
Hi Everyone,

First a big thanks to all wheo answered my problem. All interesting
ideas. The one that I connect with the most is Eric's.

The one problem I have is the fact that it uses the query string. The
reason that I used the session was because I actually thought it
would be more secure than passing userID's and what not over the wire
in a url thats clearly tamperable.

Is there another way I could maintain the state between pages without
using the query string? Perhaps in a form variable?
Or maybe i could encrypt the querystring as it goes out and unencrypt
it on its way in?

As always, any help very much appreciated

Thanks all

Kindest Regards

Simon


Nov 19 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Peter Flynn | last post: by
1 post views Thread by Simon Harvey | last post: by
4 posts views Thread by Chris | last post: by
27 posts views Thread by Deek | last post: by
reply views Thread by Ahmad Jalil Qarshi | last post: by
1 post views Thread by wwwords | last post: by
1 post views Thread by mouton | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.