I'm aware of how to get a total count of active sessions for your application but is it possible to get a count of active sessions on a specific page?
For example if you had 2 users currently viewing 'page.aspx' then it would report 2 users active for this page.
I'm only aware of being able to query the current session in codebehind by using Page.Session
You can never know for certain if someone is viewing a page or not: the web is both disconnected and stateless.
The technique is, on every request, to log the page requested; every time that user (uniquely identified, somehow) moves to another page then their "last page requested" is updated, along with a timestamp, you might assume that if no subsequent request is made after say, 5 minutes, then they've closed the browser window.
An alternative is to use a Javascript poller or window event handler, but that's unreliable and you must never depend on this in your application.
Related
Imagine a simple html page with 3 iframes pointing to the same url:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<iframe src="http://www.mydom.com/mypage.aspx"></iframe>
<iframe src="http://www.mydom.com/mypage.aspx"></iframe>
<iframe src="http://www.mydom.com/mypage.aspx"></iframe>
</body>
</html>
My goal is to track unique visitors in mypage.aspx code behind. Sounds simple but the following:
if (Request.Cookies["myc"] == null)
{
// New visitor!
Response.Cookies["myc"].Value = myval;
Response.Cookies["myc"].Expires = DateTime.Now.AddYears(10);
}
else
{
// Returning visitor
}
has a problem. Visiting the html page with the 3 iframes I get three simultaneous hits to mypage.aspx and Request.Cookies["myc"] is null all three times while I should understand that it is the same user (1st hit: new visitor, 2nd and 3rd hits: returning visitor for a total of one visitor/user). Any ideas how to fix this?
A very intriguing question!
The core problem is that the internet is an asynchronous, anonymous place.
The browser may submit one of these requests at a time, or all three at the same time, so there is no way to control the order of events on the user's machine.
In addition, the browser does not make any special effort to uniquely identify the user. Any identification system must be jerry-rigged into the request/response cycle. GA uses cookies to tag users and can pull that information with each and every request. Essentially, GA tags the user before they visit your site, thus allowing that service to identify the user on the "first" hit.
Your problem is that you want to implement your own identification solution. You need to somehow include the user's identity in the request. But, until they visit the site, you have no way of doing that. And, given that each simultaneous request will have a different identity embedded in the response, you cannot guarantee that a user will be tagged with a single identity.
Basically, to the best of my knowledge, there is no solution which will allow an anonymous user to be automatically and uniquely identified by your site.
You may be tempted to use IP addresses and that can work in some situations, but it's a very bad solution. Right now I am behind my employers firewall. If you were to use the IP address currently visible to you to identify me, you would see me and the 5,000 other people who work here as a single user. That's a very dangerous system to rely on.
If you really, really need a single identity for each user - one that cannot be circumvented or accidentally trodden on via multiple simultaneous requests, etc - then your only solution is to require the user to explicitly identify themselves on their first request via a value embedded in the POST or GET query or a cookie created during a previous visit.
In your scenario, all three responses could generate a cookie with a unique ID (three ids in succession, each overwriting the previous value). The landing page could be a generic "welcome to my site" page, or something like that. The user could then click a link to visit the site, at which point the last generated cookie (with the last generated id) would be embedded in the request. While you cannot guarantee that only one ID will be generated per user, you can at least be fairly confident that they will be identified by a single ID after the initial round of requests (and before they visit the main content portion of your site).
Of course, you could use a complicated AJAX solution where the response for unidentified users is essentially a container (without an ID). The AJAX could then set a flag within a cookie indicating that it is retrieving an ID, then it could submit the first request. Subsequent AJAX containers would see this cookie and then enter a polling state, waiting for the flag to be cleared. When the first response comes back, the first AJAX container could set the ID in the cookie and change the flag. Then, the remaining containers will detect the flag change and can retrieve the ID from the cookie (rather than sending their own requests).
Once the AJAX container has an ID, it could send a request for content along with the unique ID. Your site could then respond, filling the container with the appropriate data (or simply redirecting to the appropriate page).
This solution, if properly implemented, would more or less guarantee that a user is assigned only one ID. But really, is it worth it? Remember, the cookie and the request "belong" to the user. The user can pretty easily edit both. While there are techniques for detecting an edited identity (most involving some form of encryption), you cannot prevent a user from "anonymizing" themselves if they so choose. Sometimes a halfway solution is sufficient.
All you have to do is to put the same code in a [webMethod] instead of in PageLoad then call the [WebMethod] from client via js (XMLHttpRequest), you will receive the three calls in sequence. No more probs due to simultaneous hits.
That makes good sense. The request for all of these does not have any cookies the first time, so it will be null in all cases. Remember it should do this as async as possible, it's necessarily linear (it might be, I am not expert at how the flow is).
Instead, look at the Ip address and timestamp. If it is the same, you can work as if it is the same user.
Yes, that solution is not perfect, but it's better than the cookie solution.
Do not use iframes, Use Master Pages. Create a Master Page, and put this code on the top of your "mypage.aspx"
<%# Page Language="C#" MasterPageFile="~/Site1.Master" ...
I'm working on a business application using ASP.NET Ajax , NHibernate and Spring.Net, I've got an annoying problem. The problem is that when I leave page for about 5 minutes and then return back and try to make any action that posts back, it displays wrongly (if there are controls hidden by style it became visible). In addition, the page didn't post back to the server.
Also the problem happens when opening two different tabs, different pages (Each page uses session but different keys )
Thanks in advance
As you describe the problem, its sounds that connect the content of the page with the user cookie and session, and when the session expired the application did not take care to recreate it.
So the post back fail because the session data have been lost when the page ask for them / need them to work and display correct the results.
This is the issue that I diagnose, how you fix that is up to you :)
Possible solutions
Change the logic of the page creation.
While the user is on page do not let the session ends (not good practice)
Store the user data of the page, on a database - connected with the user, and delete it after some days if not have been updated.
My application is in Asp.net coded C#.
My requirement :
If someone has opened his page and didn't do nothing, then after 5 minutes the page will be closed and the changes will saved.
(this feature is exists in bank pages or another pages with protection)
Suggest how can i achieve the needed result.
You will need to use some client-side scripting to accomplish this. In your script you will need to use: setTimeout to set a timer to go off after 5 minutes of inactivity. (The timer should get reset whenever the user is actively doing something). When the timer goes off, call a function to postback to do a "save and exit".
Like #CodeOfChaos says Javascript might not let you close the browser. In my opinion it would be better to redirect the inactive user to a page telling them "Your changes have been automatically saved and you have been logged out."
While Ive seen plenty of examples in PHP, can't seem to find one in VB, I want to know if this is even possible.
I have a page, a session starts on page load (using global.asax) the user may not move from (or interact with) that page for a long while and I dont want to increase the session timeout. When the session times out after say.. 20 minutes, I want to start a new one, without moving from the page.
I also don't want constant keep-alives
I want to do it via another method (timer, button press...)
Is this even possible?
If you want to extend the session without a constant keep-alive, and prefer the user to click a button, or base it on a timer, then I would advise that you use fire an AJAX request to the server and not expect any type of a response. Simply doing so will keep the session alive. You can fire this request on any of your preferred criteria using javascript/jquery.
I am using VS 2005, C# 2, ASP.Net 2.0
I am unable to find out how to track that user pressed F5/Ctrl+F5/ Open a new Window(Ctrl + N) in ASP.Net.
I know that there is a Page.IsPostBack property, which tells that a page is loaded in response to an action taken by user.
I am just curious to know, that why isn't there a property as IsRefresh or Page.IsRefresh in ASP.Net, which will return true,
whenever user takes any of the above actions.
Is there a way to know this?
Actually my problem is that i have a DLL using which all of my aspx pages are inherited, I have to
insert some values in a table whenever the page is opened for the first time that's it, if user just opens the page or do not take any action,
an entry should be inserted into the database, but as far as I have tried, I controlled it anyhow using the Page.IsPostBack property, but I got stuck
in the refresh case, as it is inserting records unconditionally.
Similar to using a function in Global.asax (as others have suggested) you could use a session variable "flag". When the page first loads set a session variable and then just check against it in your page load function:
if (Session("visited") != "true"
//page has not been visited, log visit to DB
Just make sure you set the session flag sometime after the above check during the page load.
It won't be exact (sessions can timeout while a page is active, users can completely leave the site and come back in the same browser and the session stays alive, etc) but for your tracking it is much better than counting every page hit in the DB.
Perhaps you want the Session_Start method in the Global.asax file, which will be triggered once at the start of each user session?
In your Global.asax file, add or edit the method:
void Session_Start(object sender, EventArgs e)
{
}
why isn't there a property as IsRefresh or Page.IsRefresh in ASP.Net
Because ASP.NET cannot possibly know. The browser does not send any information that could allow it to determine whether the page is being requested due to a refresh or normal load. You will need to reconsider your requirements: what is the actual purpose of the database logging?
Session_Start method in Global.asax file is fired every time when a browser session is started. You can use this method to count number of unique users on your website.
Session_End method in Global.asax is fired when a session ends (explicitly or timedout). So you can decrement the count here.
Hope the above to example uses of these methods helps you understand how you can use them.
Because of the stateless nature of HTTP protocol there is no way to tell apart the initial load from the refresh
As has already been said. This isn't possible. A request issued due to a refresh is no different to a request issued the first time the page is loaded.
It sounds to me like you are trying to track page views somehow. This is certainly possible though it will require some work on your part. Your best bet is probably to log the URL of the page. You may also want to include the query string in order to differentiate between page loads for different pieces of data (if this happens in your application). You will also want to log the ID of the current user, and the ID of their session.
You can then make sure that you don't insert two page views for the same user for the same page in the same session, effectively filtering out any reloads of a page.
You do need to be aware that this isn't the same as detecting a refresh, what you are detecting is two page views in the same session, this could be a refresh, or it could be use of the back button, or just reloading from the address bar.
My suggestion would be to create a cookie on very first load, then on Page_Load check to see if the cookie exists. If it does, don't insert the record. You can use Session_End to destroy or create the cookie as someone suggested if that works with your application's architecture.