Issue with threading?

darrel

This is a long-overdue item on my punch list that I haven't had much time to
address in the past. I'm trying to get it off my plate this week. ;o)

We have a home-grown CMS that works pretty well. One issue we have is that
whenever a page is saved in the CMS, we grab the info about the user that is
saving the page and save it along with the page (so we can track who has
changed what).

This works most of the time.

SOMEtimes, however, it grabs the information from another user that is
logged in. It seems as if my threads are crossing. I'm trying to figure out
what I've failed to do correctly in my code.

To grab the userinfo, we call our class from one of our pages:

SecureUsers.su_strUser

The secureusers class:

=============================

Public Class SecureUsers
Public Shared su_strUser As String
...
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
InitializeComponent()
su_strUser =
Server.HtmlEncode(Request.Cookies("CMSUser")("su_s trUser"))
End Sub
End Class

=============================

My guess is that it's the 'public shared' declaration for the su_strUser
string and that this is being set GLOBALLY (vs. per session) whenever any
CMS user calls this class. As such, if two people happen to save a page at
the same time, the info crosses.

If that's the case, what should I be using? Is there where I need to use
properties vs. public variables?

-Darrel

--
================================================== ===============
Win prizes searching google:
http://www.blingo.com/friends?ref=hM...nTqhv-2GE1FNtA

May 23 '07 #1

Subscribe Reply

1070

Aidy

My guess is that it's the 'public shared' declaration for the su_strUser

string and that this is being set GLOBALLY (vs. per session) whenever any
CMS user calls this class. As such, if two people happen to save a page at
the same time, the info crosses.

If that's the case, what should I be using? Is there where I need to use
properties vs. public variables?

Your guess is correct. The answer depends on the rest of your architecture
really. Is it enough just to removed the shared and make it private?

May 23 '07 #2

darrel

Your guess is correct. The answer depends on the rest of your

architecture really. Is it enough just to removed the shared and make it
private?

If I make it private or not shared, I can't then access the value from
another page:

SecureUsers.su_strUser.ToString

-Darrel

May 23 '07 #3

Aidy

If I make it private or not shared, I can't then access the value from

another page:

If you need to access it in another page then store it in the Session, then
remove from the Session once it has been used.

May 23 '07 #4

darrel

If you need to access it in another page then store it in the Session,

then remove from the Session once it has been used.

So...it sounds like the issue is that when a person logs into our system,
we're saving their info as a cookie. Instead of saving the info to a cookie,
we should save it to a session? That makes sense.

Now, a new catch: the reason we were saving it as a cookie is that our CMS
is actually 3 separate applications. Yes, less than ideal for many reasons,
and something we hope to resolve down the road. In the interim, is there any
way to share session info between the 3 apps or is that just plain
impossible given that they are three separate apps?

-Darrel

May 23 '07 #5

Aidy

You can't easily share the Session values, what I'd do is store the info in
a database that all 3 can access.

"darrel" <no*****@nowhere.comwrote in message
news:O%***************@TK2MSFTNGP06.phx.gbl...

>If you need to access it in another page then store it in the Session,
then remove from the Session once it has been used.

So...it sounds like the issue is that when a person logs into our system,
we're saving their info as a cookie. Instead of saving the info to a
cookie, we should save it to a session? That makes sense.

Now, a new catch: the reason we were saving it as a cookie is that our CMS
is actually 3 separate applications. Yes, less than ideal for many
reasons, and something we hope to resolve down the road. In the interim,
is there any way to share session info between the 3 apps or is that just
plain impossible given that they are three separate apps?

-Darrel

May 23 '07 #6

darrel

You can't easily share the Session values, what I'd do is store the info

in a database that all 3 can access.

Right...but that kind of takes me back to square one. How does the app know
who the person is to look up their info in the db?

Maybe I should ask a broader question based on our current scenario:

- Our CMS is actually 3 .net application.
- We want people to log into any one of the three and be logged in to the
other 2.

Based on that, what would folks...
a) quick workaround hack solution to get the above working option be?
and
b) more appropriate, more secure option be (even if it includes a
rewrite).

At this point, for 'a', I'm thinking the easiest option is to do what we're
doing, but don't attempt to read the cookie from a class and just read it
directly from whichever page is trying to get the information (as they I can
use non-shared variables). The drawbacks is that this is entirely unsecure
as the login info is all sitting there in a cookie. Thats not too worrisome
for us, as this is an internal app for internal users, but probably not good
practice.

As for 'b', I'm thinking the solution would be to:

- bring the 3 apps together into one app
- store the permission credentials as a session variable

Am I on the right track there? With using the session variable, could I
still read them from a class and not have thread overlap?

-Darrel

May 23 '07 #7

Alvin Bruney [MVP]

Convert your usersession object into a hash table or namevalue collection.
Use the session id as the key, the value is the user info. To grab
information, you simply use the user's session which is guaranteed unique
and so there is no possibility of data corruption. This is not a
cross-threading issue by the way, it is simple data corruption.

As you know, there is no free cheese. So here is the cache. The size of the
namevalue collection grows unbounded. You will need some sort of cleanup
routine to purge the collection ever so often. In the past, I have used a
global timer to purge the information. How do you know if the information
can be purged? One simple method is to time stamp the last collection
lookup. If it is older than some value, remove it from the collection. I'd
suggest you provider a wrapper class that encapsulates all this logic in one
place.

--
Regards,
Alvin Bruney
------------------------------------------------------
Shameless author plug
Excel Services for .NET is coming...
https://www.microsoft.com/MSPress/books/10933.aspx
OWC Black Book www.lulu.com/owc
Professional VSTO 2005 - Wrox/Wiley
"darrel" <no*****@nowhere.comwrote in message
news:%2****************@TK2MSFTNGP06.phx.gbl...

>You can't easily share the Session values, what I'd do is store the info
in a database that all 3 can access.

Right...but that kind of takes me back to square one. How does the app
know who the person is to look up their info in the db?

Maybe I should ask a broader question based on our current scenario:

- Our CMS is actually 3 .net application.
- We want people to log into any one of the three and be logged in to the
other 2.

Based on that, what would folks...
a) quick workaround hack solution to get the above working option be?
and
b) more appropriate, more secure option be (even if it includes a
rewrite).

At this point, for 'a', I'm thinking the easiest option is to do what
we're doing, but don't attempt to read the cookie from a class and just
read it directly from whichever page is trying to get the information (as
they I can use non-shared variables). The drawbacks is that this is
entirely unsecure as the login info is all sitting there in a cookie.
Thats not too worrisome for us, as this is an internal app for internal
users, but probably not good practice.

As for 'b', I'm thinking the solution would be to:

- bring the 3 apps together into one app
- store the permission credentials as a session variable

Am I on the right track there? With using the session variable, could I
still read them from a class and not have thread overlap?

-Darrel

May 23 '07 #8

Similar topics

Threading. Is this an Issue?

by: Zuel | last post by:

Sup everyone! I wrote this code for Tomcat appserver but I am told from an associate that it has threading issues. The basic idea is to store a read only data table for everyone to use. It...

Java

Asynchronous Threading Issue

by: Sam Loveridge | last post by:

Hi all. I'm relatively new to delegates and asynchronous threading and am running into an issue. I need to asynchronously call a method (which I'm doing with a delegate and BeginInvoke) and from...

.NET Framework

Issue with multiple threads and System.Net.Sockets.Socket

by: Stressed Out Developer | last post by:

We have an application that has a 200 count loop that does the following: ' Each time thru the loop we pass the next IP Address is a range (aka 192.168.4.50 thru 192.168.4.254) Try If...

Visual Basic .NET

Asynchronous Threading Issue

by: Sam Loveridge | last post by:

Hi all. I'm relatively new to delegates and asynchronous threading and am running into an issue. I need to asynchronously call a method (which I'm doing with a delegate and BeginInvoke) and from...

.NET Framework

IPC-Remoting: Threading issue in MDI-application

by: =?Utf-8?B?TWljaGFlbCBNYWVz?= | last post by:

Hello, I have an Mdi-application which also is a remoting-server (Ipc). Several instances can co-exist on the same machine. I have a small app (search-engine) (remoting-client) which calls a...

Visual Basic .NET

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...

C# / C Sharp

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...

Networking - Hardware / Configuration

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...

C# / C Sharp

php

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP