I am logged in the application, when refresh the page from browser by f5 or Ctrl + f5 session count is up ticking(going up) . It should not add count since my session is not expired.
Sessions is counting when refreshing the page i have seen counts increasing in google analytics website
NA
Sessions count should not be changes if session is active
Related
We have got requirement to restrict concurrent login of same user across 2 Web Applications.
We have 2 Web Applications for example: WebApp1, WebApp2.
User: Dashboard
If Dashboard user is logged into WebApp1 then the same user is not allowed to login to WebApp2 instead show error message on second login.
Tried Solution:
Block 2nd login with same user id if there is an active session and show error message to user.
The idea is to maintain user id, Application Name and session id in DB. On second login of same user check if record exist in DB table against the user id then block 2nd login and show error message to user.
Clear the DB record (UserId, Session Id, and Application Name) in following
scenarios:
Logout
Session Timeout
Restart of Application.
Not Sure how to handle below scenarios.
Close Browser.
Browser Crash
System Crash
If 2nd login request is from valid user then Admin should able to Invalidate the session of first login as this user is attacker.
what is best way to invalidate Http session of WebApp2/ WebApp1?
If you really need to know the state of the first session, I would skip trying to manage sessions in the server, and instead maintain a heartbeat from the client. Have the client make a request every 5 seconds to the server which updates a "Last Seen" record, which includes their IP address and which app they are from, and whether "Last Seen" was a logout event.
Then the other app can interrogate "Last Seen", and if it's more than 5 seconds (I'd actually bump it to 10 for the interrogation), or a LogOut event, assume that the first session went away, and that they are free to log into the second application. If "Last Seen" is less than 5-10 seconds, bump them both out and alert the admin with both the IP Addresses to decide which one should be killed.
In addition to what you have, you could save last activity time in your session DB, and update it, when there is a session update, how often ( every request or once in 5 min for example) it depends on your requirements. Then in case of app/browser/system restart, you log in user, even if record exist, if it is older that session timeout. And you can have admin user that can manually delete entry if required.
The other solution would be to always log in new app, and logout the old one. But that would require introducing additional logic in the application to check if session is still valid.
I have enabled userId feature in Google Analytics.
On Login page i am setting userId. and also on other pages which user visits after login.
Problem:
User A logs In
User A logs out
User B logs(in same browser session)
User B logs out
User A logs in again logs( In same browser session)
User A log out
In user explorer report for above scenario in google analytics, Count of sessions for user A and B is 1 and 1 respectively.
And also, User A session duration includes the timing of user B' session duration
Expected:
user A should have 2 sessions count and user B should have one.
Do I need to do something when user logs out?
I have also tried by statrting new session explicitly when user logs in, But related custom dimensions are not set in that case.
To start new session i have used this link Is it possible to manually end a Google Analytics Session?
ga('send', 'pageview', { 'sessionControl': 'end' });
Written this code on logout event. this will forcefully end session of the user and custom dimensions data is also preserved
I have Password recovery page where in I'm attempting to store user password recovery attempts. Here are my scenarios:
Maximum attempts per user in 4 hours is 5. After 3 attempts if user closes the browser and again reopens then his attempts should be 2. It can be tracked if we store in db. Instead I want to know is it possible with session variables?
I know session variables will reset if we close and open browser. Is there any way we can retain it for specified time programatically?
Note: Password recovery count should not reset even after clearing cache from browser.
I have two apps(say App A and App B). App A gives a link to navigate to App B. On Initial load of App B, it creates a session with a new new Session Id. Further moving into the app, more values are stored in that session. If a select the link and do "open in new tab" multiple times, it will create a new GUID as a session id in each tab. Now i close all the tabs and come back to App A. App A doesn't have a session management mechanism and its session never expires but App B has and also has the session expire page.
After leaving the browser idle for sometime, say 20 mins or so when i try to navigate to the App B, it detects a expired session from the browsers cache and directly redirects to the session expire page of App B which is not an expected behavior. Every time a user tries to go to App B, He should have a fresh session.
Any suggestions on how to handle this scenario ?
Thanks in Advance!!
Am running web application just login and logout process,when i finished login process,within in a second clicked logout process,but in sql server activity monitor still showing previous session.
Again refreshed same page same process repeated , its working perfectly . i was tested for 5 concurrent users same as session not closing .
checked web config , and other connectivity sources but didnt get solution for this , if anyone have experience share solution for this problem .
store userid at the time of login in session. Remove the session in logout click
Session.Abandon();
and in the page load of master page check whether session is null or not
if(Session["uid"]=="")
Response.Redirect("~/Login.aspx");