Finding out which sessions are still active

Save the current time on each request within a name/value collection (as
key use the sessionid) every directory associated to an entry containing
a date < DateTime.Now.AddMinutes(-20) can be deleted.

--Daniel
http://staff.newtelligence.com/danielf/


-----Original Message-----
From: Laurent Bugnion [mailto:ga*********@bluewin.ch]
Posted At: Monday, January 23, 2006 12:45 PM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Finding out which sessions are still active
Subject: Finding out which sessions are still active

Hi,

I am wondering what is the best way to find out which ASP.NET sessions
are still active.

Here is the reason: I have a custom control which can upload files. It
saves the files in a folder named after the SessionID. At Session_End, I

do some cleanup and delete the "session folder". However, if the PC is
rebooted before the session times out, the clean up never happens. So
what I wanted to do isL: In my CleanUp method, check all other folders.
If the Session is still active, leave them untouched. If the Session has

expired already, delete the folders.

What would be the best way to solve this problem?

Thanks a lot,
Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

Hi,

Daniel Fisher(lennybacon) wrote:

Save the current time on each request within a name/value collection (as
key use the sessionid) every directory associated to an entry containing
a date < DateTime.Now.AddMinutes(-20) can be deleted.

--Daniel
http://staff.newtelligence.com/danielf/

I was thinking of a more or less similar solution too. However, I read
that there is a way to get the Session objects from the Cache object,
did anyone try that already? Seems that it is not fully documented,
which leads me to think that it's probably not the best way to handle
this...

Thanks,
Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

Hi,

Spam Catcher wrote:

Laurent Bugnion <ga*********@bluewin.ch> wrote in news:dr2kl0$o2b$1
@zrha118x.zrh.siemens.ch:

I was thinking of a more or less similar solution too. However, I read
that there is a way to get the Session objects from the Cache object,
did anyone try that already? Seems that it is not fully documented,
which leads me to think that it's probably not the best way to handle
this...

I think you can only access the current session object - not all the
session object.

I used to think so too, but this article made me think differently:

http://www.developer.com/net/asp/art...0917_2206351_2
(see point #2).

Got to try this tonight...

Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

You could just register those IDs in an application variable.

My personal preference would be to just not use those temp directories If
you need to create/delete dirs this is likely because those files are then
placed somewhere else. You could perhaps save them directly at their final
location ?

You could also cleanup those directories based on their age.

--
Patrice

"Laurent Bugnion" <ga*********@bluewin.ch> a écrit dans le message de
news:dr**********@zrha118x.zrh.siemens.ch...

Hi,

Spam Catcher wrote:

Laurent Bugnion <ga*********@bluewin.ch> wrote in news:dr2kl0$o2b$1
@zrha118x.zrh.siemens.ch:

I was thinking of a more or less similar solution too. However, I read
that there is a way to get the Session objects from the Cache object,
did anyone try that already? Seems that it is not fully documented,
which leads me to think that it's probably not the best way to handle
this...

I think you can only access the current session object - not all the
session object.

I used to think so too, but this article made me think differently:

http://www.developer.com/net/asp/art...0917_2206351_2
(see point #2).

Got to try this tonight...

Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

Hi,

Patrice wrote:

You could just register those IDs in an application variable.
My idea, exactly. If the server reboots, the IDs will be removed from
the Application object, meaning that the sessions have been terminated.
I was just letting my mind wander about other possible implementations.

My personal preference would be to just not use those temp directories If
you need to create/delete dirs this is likely because those files are then
placed somewhere else. You could perhaps save them directly at their final
location ?
Actually, the files are uploaded by the user, then I parse them, modify
them and then offer the modified files for download. Thus the need to
let these directories live for a while.

You could also cleanup those directories based on their age.

I thought of it too, but would like to avoid this. We have sessions
which can last pretty long (days), and others very short. No way to know
when the directory should be deleted based on age only.

Thanks for the input,
Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

>> I think you can only access the current session object - not all the

session object.

I used to think so too, but this article made me think differently:

http://www.developer.com/net/asp/art...0917_2206351_2
(see point #2).

I think you missed the part of the article that says "This potential
vulnerability has been cleared in version 1.1."

Hi,

Oc******@gmail.com wrote:

I think you can only access the current session object - not all the
session object.

I used to think so too, but this article made me think differently:

http://www.developer.com/net/asp/art...0917_2206351_2
(see point #2).

I think you missed the part of the article that says "This potential
vulnerability has been cleared in version 1.1."

The mentioned vulnerability is that you can enumerate private members of
the Cache object in 1.0. In 1.1 you can only enumerate public members.
However, the article doesn't precise if the Sessions are public or
private members, and thus if they can still be listed in 1.1. Hence my
question.

Anyway I chose another approach.

Thanks anyway,
Laurent
--
Laurent Bugnion, GalaSoft
Software engineering: http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch

It may be more prudent to let a db table help you with the cleanup. If
you track the session ID with the login ID, you would be able to tell
when a login ID has acquired a new session ID based folder. This would
tell you that a previously held folder should be dropped. That would
happen whenever a user goes away without 'terminating' their session,
such as a reboot. You could also use a table, session variable or
application variable to keep track of recent session activity. The
nice thing about using an application variable is that it would be
available at a higher level (administrative functions) and not just to
the client. Then you could set up a periodic sweep to delete
unused/inactive folders. If you have sessions that stay open for
extended periods, you may want to employ some type of role-based
security, where only special users could hold a session for more than,
say 30 minutes. Then you could simply clear out session based folders
for normal users that have had no activity in more than 30 minutes.

Be aware of that the application variables get lost if the server
restarts/stops/crashes - I would prefer the database.

--Daniel
http://staff.newtelligence.com/danielf/


-----Original Message-----
From: John.Net [mailto:jo*******@gmail.com]
Posted At: Tuesday, January 24, 2006 3:48 PM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Finding out which sessions are still active
Subject: Re: Finding out which sessions are still active

It may be more prudent to let a db table help you with the cleanup. If
you track the session ID with the login ID, you would be able to tell
when a login ID has acquired a new session ID based folder. This would
tell you that a previously held folder should be dropped. That would
happen whenever a user goes away without 'terminating' their session,
such as a reboot. You could also use a table, session variable or
application variable to keep track of recent session activity. The
nice thing about using an application variable is that it would be
available at a higher level (administrative functions) and not just to
the client. Then you could set up a periodic sweep to delete
unused/inactive folders. If you have sessions that stay open for
extended periods, you may want to employ some type of role-based
security, where only special users could hold a session for more than,
say 30 minutes. Then you could simply clear out session based folders
for normal users that have had no activity in more than 30 minutes.