I have an C#/ASP.NET WebForms app. On the master page, I display a value from a database field. For example, like "DEFCON = 3" to let all users know what level we're at (of course, when the value is changed in the database, a user won't pick up the new value until they do a page refresh). But the value will be the same for everyone.
So I'd obviously prefer NOT to have each user's session hit the database on every page load to check for an updated (a round trip for every user, every page seems very inefficient). A global variable seems like the way to go (though I'm not sure the most modern/simplest way to do this yet).
But beyond this is updating the global variable if and when the DEFCON value is changed in the database. How would I trigger the global variable to get updated, especially since the change to the value in the database happens outside of the web app.
Thanks for any thoughts.
Store data in Application variable.Use Ajax to update variable.
Related
Currently I am using 'Session' to keep the datatables in memory.
But after doing few R&Ds, I came to know the it is not a good practice
e.g.
Session("Syllabus") = RegistartionLogic.GetSyllabusInfo(Session("StudentID"))
Requirement:
The items of dropdown will be different based on student-type.
The dropdown data will be fetched from DB and these controls are used
in more than one screen.
Multiple DB call is not preferred from different screens for same
data.
So I need to call only one DB call, keep the data in memory and
then read data from memory next time onward.
I tried with 'cache' as well, but the issue was "Cache is not unique to the user.The scope of the data caching is within the application domain unlike "session". Every user can able to access this objects".
Kindly help me out.
For your scenario, HttpContext.Current.Cache should work.
Yes cache is not unique to the user. But cache key can be made unique.
var studentId = GetStudentIdFromRequest();
var cacheKey = "SyllabusInfoCacheKey_" + studentId;
Then you can make use of the unique cachekey, to insert and later get values for the particular student.
Session is also at Application level. Every user has a ASP.NET_SessionId cookie that is sent from client side and used at the server side to store/retrieve values.
Note: For Session and Asp.Net Cache to work in a load balanced environment, load balancer should be sticky.
In an MVC application I have a two pages process. On the first page we gather information that will allow us to identify which database record to update. On the second page we gather new values used to update this record. In order for this to work, we need a way to persists information between the two pages, including some record id.
I though of two way to do this and both have some problem.
Store the information in the Session object.
This works as long as the user does not open a second browser window or tab. If he does there is a risk that he'll apply the modifications to the wrong record. Suppose he opens tab 1 and complete the first step. Record id 1 is stored in the Session object. The user then open tab 2 and complete the first step. Record id 2 is then stored in the Session object overwriting record id 1. The user then come back to the first tab and complete the second step thinking he is editing record 1, but in fact he will be editing record 2.
Store the information in an hidden field on the page.
This would solve the problem solution 1 has, but it would be trivial for a ill-intentioned user to change the record id to overwrite any record.
While typing this question I just though of a third solution. That is an hybrid of theses two, but I'm not sure it's completely safe. We could store a random id in an hidden field on the page and use this to prefix the key we use to access data in the session object. I think this would work. Could this be exploited as solution 2 could?
Any other good way to securely store data "per tab" instead of "per session"?
Considering way 2 you may check security server side. If a user does not have modification rights on a specific record then server must not save it. Otherwise he/she is modifying a record that has modifications rights on it and does not matter if he/she is doing it by standard UI or hacking under it.
I think you are mixing up two things - authorization and passing data.
If user is authorized to do stuff with "another record", it's not important if he "tempers the hidden", because he is authorized to change another record as well. Nobody is going to do that intentionally. Means - you just need to check if user is authorized to do stuff in every post from the user i.e. in each controller method (and this is normal practice to always validate all user input server-side).
I would suggest you go with "hidden field".
If you want to separate info in different tabs you should use sessionStorage that differs for each open browser tab.
You can set it like this:
sessionStorage.setItem("perTabValue", "true");
Then you can get your value:
var x = sessionStorage.getItem("perTabValue");
if(x === "yourValue"){
//do anithing you want
}
Users modify a DB object in an edit form that I have, pretty straight forward.
I need to implement a 'change log' on this object. I need to record which fields where changed and what they were before and after. I'm using Razor MVC.
I've done this by writing triggers for the table on update/delete. On update/delete of a record, the trigger pushes the record to a History table, in a History database. This creates the change log. Then you would just need to display it; to identify the change would require evaluating each and every field.
There's nothing already built that wold do this for you that I know of.
In my asp.net MVC application, I want to add a variable (a flag for the kind of system a user has) that can be accessed whenever a page loads or the user performs certain actions. I have decided to add a session variable for this (does this seem reasonable?), and I just need to grab the flag from a table in the database. My plan was to set the variable on Session_Start, but this doesn't appear to be the right way to do it as I need to query the database and I'm not sure if I should from the Global.asax. Where should I be populating this variable? Or is there a better way to do it?
Thanks in advance!
Session variable is a reasonable choice and session_start can be a place to get the value. However, if the value is user specific then in such case, you need user identity. Authentication will establish user's identity and not session start (both are independent in ASP.NET) - so instead of session_start, better bet would be Application_AcquireRequestState where you should check if user is authenticated or not and if yes, then check if your session variable has been set or not. If not set then you can get the value from database.
A slight variation would be on-demand loading i.e. create a wrapper method to get the flag value. Wrapper method will check if value has already been retrieved or not - if not then it will fetch it and cache the value in suitable store (e.g. session state).
I have a web application which has a Sql Server database on the backend. As the site will be rolled out to different clients (or different virtual directories in IIS), each client derivative of the site will use the same backend.
There is an admin page where text on the site can be changed (enter text in a listview, and choose the page to select where that text will show up, and also you can see company-specific details in the other listviews. As this is a shared database, that means a client can see each other's data.
What I am trying to do is store the accountId (a guid returned from the database from login_authenticate), and stick this into session. I then retrieve this on the admin page, and I want to use this value (But it's always 0000-0000 etc), to limit the records returned in the listview.
Is there an example of this? Also, how can I set the default value (this is in the where clause of SqlDataSource), to programatically what the account id is (so I can give me all records = what the current accountid is, or perhaps, what the login is - this is stored in the account table).
Thanks
This is what I tried.
What I am confused about, though, is whether the where clause, when using a session object, is getting an object that I have written the code to retrieve from the session, or an object I have only added but not retrieved. I get the accountID when logging in (verified via stepping in - obviously - or the login will fail).
I will try again with storing the object in session # the login page when I have just retrieved the accountid variable, and then retrieve it on another page.
For some reason I keep getting 0s so I will look at this in my application.
It sounds like your method should be working. I would follow a debugging process:
Check that you are getting the accountID value from the database. Print it on screen immediately after retrieving the value for the first time.
If this is working, store the value in the Session and immediately retrieve it, and check that you are getting the value back.
Create 2 test pages, one where you set the Session variable and another where you retrieve it.
I know this seems really basic, but the failure is being introduced somewhere in the above 3 places. If you can find which step fails, you will be able to fix it.