The user is accessing the website and opened multiple tab.
The session should keep alive when:
Any of the tab is active (mouse move & key strokes on keyboard).
The session should die and redirect to login page automatically when:
All the tabs is inactivity (no mouse move, no key strokes)
Can you please hint me how to do this?
It's a dirty solution, and I haven't tried it yet, but this could work in theory:
When you have detected activity on the page, save a flag in a database table to denote that there is activity on the page (probably also want the timestamp to help you determine how long ago the activity happened and the user identifier to make sure it's the right session). Depending on how often you want to make this save, you could use a simple script like this (https://stackoverflow.com/a/3877867/987905) to keep track of the most recent keystroke or whatever you want to track, then after a certain amount of time (say 5 minutes), decide to save it to a database if there ever was activity (that way you aren't making database saves every time there is activity detection).
During your check to see if the session is active, check the database for the flag and timestamp to see if the session has been reported as alive on any instances of that user being logged in. If so, re-activate the session via your keep alive, or re-authenticate.
Again, I haven't tried this, but have been thinking about it recently. It seems to be a viable solution, just comes with the downside of making database saves/calls behind the scenes, possibly hurting performance.
Related
Do anybody knows, how I can get all logged in users in TYPO3 8.7 with extbase? Shure, I can get the fe_users sessions, but isnt there an more extbase like way?
UPDATE:
I need to get the uid's of all currently logged in users. It seems
that the is_online field holds only the timestamp from the last login.
If the user is logged out, this filed has still the timestamp. maybe
is reading the fe_sessions really the better way?
You can evalute two fields every fe_users record holds: is_online and lastlogin.
The field lastlogin is refreshed on each server access.
AFAIK the field is_online is evaluated in the form now - lastlogin > n.
So in general you have another problem, as you can not clearly detect which users are active. You only have the information when a user last time contacted the server.
The interval n is necessary as an user has no continous connection to the server. He can just read some text before he clicks to another page, but he also could close the browser window every time. And even then, if the session cookie is stored, he might use the website again and can be online immediately. Was he online the whole time?
On contrast to this a user is not even marked offline (is_online = 0) if he does an explicit logout.
In my asp.net web application, the session is set to its default timeout value. As far as I understand, the timeout starts to count the minutes as soon as the application is idle and no action is done on it. However, when i open up a form and start filling it, if I take longer than 20 minutes to fill up the form then when i press "Save" the application logs out. I'm not inactive, but actually i'm filling up data in the form, so I don't want the session to timeout.
Is there a way to let the session only start counting the time when there is no action at all and let it "sense" the typing of the user ?
What you are looking for is called a "heartbeat". There are a number of ways of achieving this - the easiest will depend on what other assets you already have in your page - jQuery, AJAX controls, whatever.
The basic premise is that it sends, in the background, a request to the server effectively saying "I am still here" to the server to stop the timeout from happening. Ideally your solution should be checking for onkeypress in the javascript to ensure a user is there and filling in the form.
A search for "heartbeat form filling javascript asp.net" leads to a few sample ideas.
I'm developing an online quiz site where the users can take tests (multiple choice). I have a requirement to put a timer on the test say if the maker of the test sets the time to 30min a timer would be placed on top of the page counting down the time, now i want to monitor the timer on the server side when it reaches to 00:00 the test would stop and the marks obtained is shown.
Solutions i have considered:
1) To use a JS plugin and upon its expiry do a location.href to some ActionResult that will end the test.
2) To create a session and clear it after the given time and before rendering each question check that session if it has expired or not.
My concern about using a javascript based solution is its robustness, i want to implement a server side solution. Please help me find the right path...
Regards.
When using the timer in the browser there is no way to verify that it is running as expected. User can disable javascript and get around your restrictions; heck they can even change your javascript. So relying solely on javascript is not an option.
The best solution is to validate postbacks on server side. You can use javascript on Client side to inform the user so that they are aware of how much time is left and server side to verify they have not gone over the time limit. If synchronization is required, then you can have the javscript ping back every so often to resynch the time.
Expanded Answer
The time of the start of the test should be on the server side. Whenever the user clicks begin test or other start buttton to begin their test. The server should note the current time - perhaps in a session or even in database.
The user should then be informed of the time remaining via javascript and expected end time. These are then updated whenever the user submits a question or perform another postback to the server.
The end time will be the fuzzy part. If the javascript does it's job correctly; you can inform the user their test has ended through this (or window.href etc). If the javascript is not worked; then the user will receive their notification whenever they next attempt to submit something to the server.
Either way, the user should clearly be informed that this is the expected end time, and how much time they have remaining on each page load.
As the title states, how can i stop two users from booking the same appointment time.
Example, two users logging, on there screen they can both see that a 1pm appointment is available. They both try to book themselves into that appointment time.
How can i stop this from happening and ensure only one user can book it, then refresh the screen to show the next available booking time to the other user.
Thanks.
That's a fairly classic use case. You can simply display the appointment plan at a specific time. That can remain static or you can set up a periodic process (for example, every five seconds) to update the plan with new information.
Then, when the user/operator decides to book a free timeslot, it tries to do an (atomic) update that will fail if someone else has slipped in (using primary key or some other unique constraint). The atomicity of the update operation guarantees that only one person can book the timeslot. If the update works, voila, you have your time booked.
If it fails, notify the user of that fact and then load up the new appointment plan.
Rinse and repeat until the user has their booking or they wander off, disgruntled.
I do not think that this is optimal. Why don't you opt for a first clicked/first served pattern ?
What may happen if you have 10 users or more viewing the same page ? A user viewing a page does not mean that he will click on a time slot. So IMHO wait for a user to REALLY click and then notify eventually other users that a time slot they are viewing has been booked (As it happens with StackOverFlow when somebody answers a question while you are answering)
my problem is follow:
I have an auctioneer site, in which many different objects will be auctioneerd.
My problem is very simple to clear for an more experience user I thinK. How I can handle business and database logic without opened a site or them?
My problem is to say directly, if nights at 3 no user is on the site, the winner (e.g.) must be set - if a page is opened or not.
So I need some kind of "every 2 seconds, do this method" - without opened a site.
My idea was a sepereate application which uses the same business and database-layer as the asp.net page and let this run at the server. Is that a good or bad idea?
The separate process (scheduled app or Windows service) is the only reliable way you can achieve this.
Using the same BLL and DAL are exactly the right thing to do too.
Check out this article on windows services http://msdn.microsoft.com/en-us/library/aa984074(VS.71).aspx
To let every user query the database every 2 seconds would create unnecessary traffic on your site, which is not a good idea. (users tend to refresh the page many times just before the auction closes anyway)
My thoughts:
Add a date to the auction when it closes.
The last user that places a bid is always the winner, and you can't place bids after 3 am (the date the auction closes), so if you visit the site after 3 am (you can't place a bid and) the winning user is displayed. If somebody opens the site just before 3 am and places a bid after 3 am your business logic should check the date of the bid and deny it.. (also: users might live in different timezones so consider displaying the server time on your site).
Setting the date to 'now' would close the auction immediately.
You can also add javascript to refresh the page if your clock passes the hour or something like that. (or use the number of seconds left before the auction closes in a setTimeout function or metarefresh)