detecting the session closing

[Russell]

Hi all,
I have a web page(a) that has a link to another web page(b). Now, on the
page load event of web page(b), I am doing the following:

Response.redirect("./test.pdf")

This pdf, if the user copies the url, can go back to it after they have
logged out of my web site.
I need to delete this file. I need to find a way to detect the web page is
closing so I can delete the pdf file.
Of course, redirecting to the pdf opens the pdf in its own page, so I can't
code to delete the file that way.

How can I detect that the user has close the pdf file?

Any help is greatly appreciated, as I need to resolve this ASAP.
Thanks

Russell

 

[Marina]

Why not handle the session_end event, and in that event delete the file.

Closing the browser is not in any way related to sessions ending, btw. This
even will fire after the idle timeout is reached.

 

[MWells]

Russell, sounds like you're trying to construct a simple, secure document
management system.

I don't have a particularly satisfying solution for the
delete-when-user-leaves approach. It's difficult to detect a users
departure accurately, which hampers this approach greatly.

If you want to pursue that, the best solution I can recommend is to have a
"heartbeat" between the client and the server. Each tick of the heartbeat
would update a "last seen" timestamp on a database table that identifies the
document. On a request for the document (which, I'm guessing, is a special
copy intended for that one user only), you compare DateTime.Now to the
timestamp the heartbeat was last seen. If it's too long, you just deny the
request and delete the document.

The heartbeat is simple enough to construct; have a hidden frame or a 1x1
IFRAME in your document display page, and the page loaded in the IFRAME can
use the auto-refresh tag at a 30 second interval. Crude, but amazingly it
works, and if the user closes their browser you can safely do cleanup in as
little as 65 seconds or so (I use 2 beats for safety).

This approach also avoids having a back-end process, but suffers from a
trash problem. If a user views their document, and dutifully closes their
browser and never requests it again, there is no further event specific to
that document. You never get to take out the trash. A back-end process
that runs every 5 mins, checks the db table for old files and deletes them
is easy to construct if you want to keep your "document cache" clean.

If I've interpreted your objectives correctly so far, let me suggest a
completely different solution;

Eliminate the cache. Store the documents somewhere else, e.g. on your
network or in the database. When a user requests a document, have them
request it from an .aspx page that goes and retrieves the document and
writes it back to the user.

This approach is much cleaner, and ultimately simpler. No temp documents,
no files to copy or delete.

/// M

 

[Patrice]

Not sure what the exact problem is but instead you could perhaps stream the
PDF file to the browser using Response.WriteFile. It allows to store the PDF
file outisde of the web site and you can perform addtional checks before
allowing the download...

That said I don't really see what you try to avoid. Once they have the PDF
they can do whatever wiht it without even having to return to this URL
(unless this is a temporary file or whatever else created on the fly each
time in which case using the same name for all users could be perhaps
problematic ???)

Or do you copy the file here and you would like to remove it once the
download is over ? (in hwihc case the streaming solutuion could help).

Patrice

 

[teknohippy]

Hi all,
I have a web page(a) that has a link to another web page(b). Now, on the
page load event of web page(b), I am doing the following:

Response.redirect("./test.pdf")

This pdf, if the user copies the url, can go back to it after they have
logged out of my web site.
I need to delete this file. I need to find a way to detect the web page is
closing so I can delete the pdf file.
Of course, redirecting to the pdf opens the pdf in its own page, so I can't
code to delete the file that way.

How can I detect that the user has close the pdf file?

Any help is greatly appreciated, as I need to resolve this ASAP.
Thanks

Russell

Why not use the session end event in global.asax?

Or if you are not using sessions and want to force someone to be
logged into view the file then store it off the website and process
the request for the file by checking they are logged in and then
pushing the binary back to their browser.

I

 

[IPGrunt]

Hi all,
I have a web page(a) that has a link to another web page(b). Now, on the
page load event of web page(b), I am doing the following:

Response.redirect("./test.pdf")

This pdf, if the user copies the url, can go back to it after they have
logged out of my web site.
I need to delete this file. I need to find a way to detect the web page is
closing so I can delete the pdf file.
Of course, redirecting to the pdf opens the pdf in its own page, so I can't
code to delete the file that way.

How can I detect that the user has close the pdf file?

Any help is greatly appreciated, as I need to resolve this ASAP.
Thanks

Russell

Russell,

You can't easily tell when a user closes a PDF file, as opening the pdf is
really invoking another application on the client, the Acroread32 process.

You *can* add a session close method in global.asax as OPs have suggested,
but this is not guaranteed to work, as closing the session is generally
dependent on the server timeout, not an action explicitly performed by the
webapp.

If, and only if, you can make your users logout and explicitly close their
session, then you can make deleting this file as part of the process.

But how do you do this?

-- ipgrunt