By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,995 Members | 1,578 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,995 IT Pros & Developers. It's quick & easy.

How to allow only ONE user on an ASPX web site? (C#)

P: n/a
S_K
Hi,

I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Thanks so much for you help!

Oct 17 '07 #1
Share this Question
Share on Google+
14 Replies


P: n/a
Static variables are shared between all user sessions. If you make something
like
public static bool IsInUse; and the first users will set it to true, the
other user sessions will detect it.

How are you going to detect when the user completes using the site?

--
Eliyahu Goldin,
Software Developer
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
"S_K" <st***********@yahoo.comwrote in message
news:11**********************@z24g2000prh.googlegr oups.com...
Hi,

I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Thanks so much for you help!

Oct 17 '07 #2

P: n/a
"S_K" <st***********@yahoo.comwrote in message
news:11**********************@z24g2000prh.googlegr oups.com...
I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?
Only if you can absolutely 100% trust your user(s) to log out via a means
that you provide so that you can reset the Application variable...

ASP.NET has no reliable way of knowing if a user has navigated away from
your site, or closed their browser etc...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Oct 17 '07 #3

P: n/a
"Eliyahu Goldin" <RE**************************@mMvVpPsS.orgwrote in
message news:eY**************@TK2MSFTNGP06.phx.gbl...
How are you going to detect when the user completes using the site?
That's the problem...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Oct 17 '07 #4

P: n/a
On Oct 17, 11:03 am, S_K <steve_kers...@yahoo.comwrote:
Hi,

I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Thanks so much for you help!
Would a time stamp help at all? I don't know the nature of your site,
but how long would the user need to be on the site? If there's no
activity after a specified period of time then a new user can be
allowed through.

Oct 17 '07 #5

P: n/a
Yes all along with the user id for the current "owner" of the site (so that
you can check if recent activity was caused by the same or by another user
than the one doing the current request).

Note also that if the user doesn't log out explictely you'll get a period of
time during which nobody (except the last connected user) will be able to
use the site.

You may want to elaborate a bit as this is an unsual requirements. What does
requires this ?

--
Patrice

"justin" <ju***********@gmail.coma écrit dans le message de news:
11**********************@i13g2000prf.googlegroups. com...
On Oct 17, 11:03 am, S_K <steve_kers...@yahoo.comwrote:
>Hi,

I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Thanks so much for you help!

Would a time stamp help at all? I don't know the nature of your site,
but how long would the user need to be on the site? If there's no
activity after a specified period of time then a new user can be
allowed through.

Oct 17 '07 #6

P: n/a
S_K
On Oct 17, 9:39 am, justin <justin.cre...@gmail.comwrote:
On Oct 17, 11:03 am, S_K <steve_kers...@yahoo.comwrote:
Hi,
I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?
Thanks so much for you help!

Would a time stamp help at all? I don't know the nature of your site,
but how long would the user need to be on the site? If there's no
activity after a specified period of time then a new user can be
allowed through.
Would a static variable work on a .ASPX web site? I would think thats
what Application["variablename"] is for. Hmmm I'm going to have to try
that.....

So there is no way of reliably determining if the user has dropped the
web page? That's disturbing. Isn't there an "Unload()" event or
something that can be used? Is that not reliable?

Thanks soo much for your feedback!!

Steve

Oct 17 '07 #7

P: n/a
"S_K" <st***********@yahoo.comwrote in message
news:11********************@z24g2000prh.googlegrou ps.com...
So there is no way of reliably determining if the user has dropped the
web page?
Correct.
That's disturbing.
It's inherent in the fundamental disconnected architecture of the web.
Isn't there an "Unload()" event or something that can be used?
Yes, but that will fire "every time" the page unloads i.e. when moving from
page to page within the same site...
Is that not reliable?
No...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Oct 17 '07 #8

P: n/a
On Wed, 17 Oct 2007 16:26:36 +0100, "Mark Rae [MVP]"
<ma**@markNOSPAMrae.netwrote:
>"S_K" <st***********@yahoo.comwrote in message
news:11**********************@z24g2000prh.googleg roups.com...
>I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Only if you can absolutely 100% trust your user(s) to log out via a means
that you provide so that you can reset the Application variable...

ASP.NET has no reliable way of knowing if a user has navigated away from
your site, or closed their browser etc...
What about this method? - it works fine for me:

http://www.eggheadcafe.com/articles/20051228.asp
Oct 18 '07 #9

P: n/a
"mark4asp" <ma******@gmail.comwrote in message
news:v9********************************@4ax.com...
>>ASP.NET has no reliable way of knowing if a user has navigated away from
your site, or closed their browser etc...

What about this method? - it works fine for me:

http://www.eggheadcafe.com/articles/20051228.asp
??? But that isn't the same thing at all!

The OP is looking for a way to be notified *when* a user navigates away from
the site or closes the browser.

Peter's code will check *if* a user's Session has timed out, but only in
response to *another* HttpRequest from that user - if the user navigates
away from the site or closes their browser, none of this will ever happen...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Oct 18 '07 #10

P: n/a
On Oct 17, 5:03 pm, S_K <steve_kers...@yahoo.comwrote:
Hi,

I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?

Thanks so much for you help!
Hi, static variables and application are once / prcoess, it is easily
possible that you will have several processes (w3p.exe in taskmanager)
thus I would go for external store like file or database row entry

regards

Oct 18 '07 #11

P: n/a
S_K
On Oct 18, 4:21 am, kaza <kaza...@gmail.comwrote:
On Oct 17, 5:03 pm, S_K <steve_kers...@yahoo.comwrote:
Hi,
I have an .aspx website developed. Because of the nature of the web
site only one user can be using this site at the same time. How do I
lock out the second user? Application["...] variable perhaps?
Thanks so much for you help!

Hi, static variables and application are once / prcoess, it is easily
possible that you will have several processes (w3p.exe in taskmanager)
thus I would go for external store like file or database row entry

regards
Thanks very much everyone for your help in this!
It has been quite a learning experience!

Thanks again
Steve

Oct 18 '07 #12

P: n/a
On Thu, 18 Oct 2007 08:30:57 +0100, "Mark Rae [MVP]"
<ma**@markNOSPAMrae.netwrote:
>"mark4asp" <ma******@gmail.comwrote in message
news:v9********************************@4ax.com.. .
>>>ASP.NET has no reliable way of knowing if a user has navigated away from
your site, or closed their browser etc...

What about this method? - it works fine for me:

http://www.eggheadcafe.com/articles/20051228.asp

??? But that isn't the same thing at all!

The OP is looking for a way to be notified *when* a user navigates away from
the site or closes the browser.

Peter's code will check *if* a user's Session has timed out, but only in
response to *another* HttpRequest from that user - if the user navigates
away from the site or closes their browser, none of this will ever happen...
Thanks for correcting my mistake.

So if one then tried to read the user's cookie what would one get? And
what of the security context surely that will no longer return a UserId
(if one put it there in the first place) ?

Say the user visits the site at 13:00 and navigates away at 13:10 and
the session timeout is set to 20 minutes. Are you saying that for the
last 10 minuters, after the user has navigated away, that the session id
and UserId in the security context will still be there - implying that
the user is still present? I was under the impression that the session
id relied on cookies (by default). I realise that http is stateless but
is the user cookie cached on the server and not read afresh each time
one "reads" it? - if so, what would happen if one tried to write a
cookie to the now absent user after they had navigated away?

It just doesn't make sense to me that a user navigating away can't be
detected.
Oct 18 '07 #13

P: n/a
"mark4asp" <ma******@gmail.comwrote in message
news:fp********************************@4ax.com...
Say the user visits the site at 13:00 and navigates away at 13:10 and
the session timeout is set to 20 minutes. Are you saying that for the
last 10 minuters, after the user has navigated away, that the session id
and UserId in the security context will still be there - implying that
the user is still present?
Yes, though that wouldn't matter in the slightest - the problem is that the
Session on the webserver would not have timed out...
It just doesn't make sense to me that a user navigating away can't be
detected.
Think about it - once a webserver has sent down an HttpResponse in response
to an HttpRequest, how can it possibly have the slightest idea what happens
on the browser to which it has sent that HttpResponse...?

If you send me a letter, you can't know if I read it or even if I open it,
unless I reply to you - it's the same principle with the web...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Oct 19 '07 #14

P: n/a
On Oct 17, 6:03 pm, S_K <steve_kers...@yahoo.comwrote:
On Oct 17, 10:29 am, "Patrice" <http://www.chez.com/scribe/wrote:


Yes all along with the user id for the current "owner" of the site (so that
you can check if recent activity was caused by the same or by another user
than the one doing the current request).
Note also that if the user doesn't log out explictely you'll get a period of
time during which nobody (except the last connected user) will be able to
use the site.
You may want to elaborate a bit as this is an unsual requirements. Whatdoes
requires this ?
--
Patrice
"justin" <justin.cre...@gmail.coma écrit dans le message de news:
1192635558.897467.284...@i13g2000prf.googlegroups. com...
On Oct 17, 11:03 am, S_K <steve_kers...@yahoo.comwrote:
>Hi,
>I have an .aspx website developed. Because of the nature of the web
>site only one user can be using this site at the same time. How do I
>lock out the second user? Application["...] variable perhaps?
>Thanks so much for you help!
Would a time stamp help at all? I don't know the nature of your site,
but how long would the user need to be on the site? If there's no
activity after a specified period of time then a new user can be
allowed through.- Hide quoted text -
- Show quoted text -

The requirement that only one user be logged on at a time is because
this site is used to process payroll taxes and the processing is done
one step at a time and each step needs to be done in sequence. Like a
state machine.
There a better way to do this. In a table, set flags as to what step
has been accomplished, or a "nextstep" value. Don't let a user into
any page except the one that equates to the "nextstep".

Once that step is being processed, don't allow another user process
it. Basically whomever clicks "Submit" first wins.
Oct 19 '07 #15

This discussion thread is closed

Replies have been disabled for this discussion.