Identify User After Session Ends

[Alphonse Giambrone]

I am building a web app for users to add/edit data. They may add/edit
several records during a session.
When they are done (not necessarily immediately, could be 10 or more minutes
later), I need to send an email with some summary info of what was
added/edited.
I can keep track of the records by using the sessionid or user's login, but
how can I determine when to send the email and who the user was since there
is no session info available in the session_end event?

This will be on a commercial web server so scheduled tasks is not an option.
Is there some method of looping through the active sessions on an
application level so that I could compare the active sessionid's (or session
variables) with those saved to a db during editing?

TIA

 

[Lucas Tam]

I can keep track of the records by using the sessionid or user's
login, but how can I determine when to send the email and who the user
was since there is no session info available in the session_end event?

You could fire off a new thread to do the database work, then send the e-
mail once the thread is done?

 

[Alphonse Giambrone]

Thanks for the reply Lucas.
I don't quite understand. I don't want to send an email every time the user
edits a record. I want to send it when they are done with ALL their editing.
They may edit 1 record or many and I can't depend on a user clicking a
button when they are done with all.
The concept of session_end would be ideal except when (if) it fires, there
is nothing left to identify who the session belonged to.

 

[Steven Cheng[MSFT]]

Hi Alphonse,

From your description, you're building an asp.net web application in which
the users can edit some datas which stored in session and when the user's
session is timeout, we need to send a mail to him with his editing datas.
However, you found its unable to retrieve the sessionid in the Session_end
event , so you're wondering some means to get that, yes?

As for problem, I think maybe cookie is a possible approach, since the
cookies are stored on the client mahcine and still accessable in
Session_End, you can try generate a identical key when the user login and
store in cookie to idenitfy him. And in Session_End , use this cookie value
to get the data for the user.

In addition, the Session_End event seems only work for InProcess Model
session, so if you'll care this problem, there is also another approach
that use the Application Cache to store the user's data. Just define a
certain cache object for storing each user's data and we can specify a
Expire Time and add EXpire event handler for cache object in asp.net.

Just some of my suggestions. Hope helps.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[darin dimitrov]

Hello,

You could use a domain object that will hold the users information
and when a user logs in, save this object into the session. You will
update the object when the user performs an action on your site like
insert, update, delete record. In the Session_End event you can
retrieve your domain object from the session.

Here is an example which worked for me:

// The domain object
public class User
{
// Unique identifier of the user
private string _id;
// Holds information about the operations that the user performed
in this session
private ArrayList _performedOperations;
public User(string id)
{
_id = id;
_performedOperations = new ArrayList();
}

public string Id
{
get { return _id; }
}

public ArrayList PerformedOperations
{
get { return _performedOperations; }
}

}

protected void Session_Start(Object sender, EventArgs e)
{
User user = new User(Guid.NewGuid().ToString());
Session.Add("user", user);
}


protected void Session_End(Object sender, EventArgs e)
{
User user = (User) Session["user"];
// send email here.
}

Don't forget to adjust the timeout attribute in your web.config
file. For testing you can set its value to 1 and observe that the
Sesssion_End event is fired after 1 min of inactivity from the user.


HTH,

Darin

 

[Alphonse Giambrone]

Steven,

Thanks for the idea. I was not aware of the Expire event handler for cache
objects, but it sounds like it would work.
Do you have an example of using it?
Where is it accessed from, the global.asax?

 

[Alphonse Giambrone]

Darin,

Thanks for the interesting suggestion.
Could you please explain a bit.
It seems like you are storing the user object in session.
I had believed that nothing stored in session was available within the
session_end event.

 

[Greg Burns]

Don't believe you can access session variables from within Session_End.

Greg

 

[darin dimitrov]

Dear newsgroup readers,

Please forgive me if I provided some wrong information as I am not
an advanced .NET developper. What I am sure of although is that the
code snippet I provided works great for me and I can access session
state variables in the Session_End event. The only problem with this
event is that it is fired only if you are using *InProc* as a session
state (never fired if you use StateServer or SQLServer but there is a
workaround).

Thanks,

Darin

 

[Steven Cheng[MSFT]]

Hi Alphonse,

As for the cache object's expire event, it is fired when the cache object
will be removed from the application cache and we can register a
OnRemoveCallBack handler for each cache object. Here is the msdn doc
discussing on this:

#Notifying an Application When an Item Is Deleted from the Cache
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconnotifyingapplicationswhenitemisdeletedfromcache.asp

In addition , below is another tech article which make use of the
OnRemoveCallBack to notify when cache object will expire:
#Prevent Multiple Logins Using the Cache in ASP.NET
http://www.eggheadcafe.com/articles/20030416.asp

Hope also helps. Thanks.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Alphonse Giambrone]

Thanks Steven, the articles are very helpful.
I should be able to complete the task with that info although I won't be
able to get back on it until next week.

 

[Alphonse Giambrone]

Darin,

I did a simple test based on your code and it does indeed work, though as I
previously mentioned I am puzzled as to why.
The difference I see between your code and what I had previously tried is
the method of accessing the session variables.

I had previously tried
HttpContext.Current.Session("mykey") = myval

myval = HttpContext.Current.Session("mykey")
which fails in session_end.

but your method of
Session.Add("mykey", myval)

myval = Session.Item("mykey") or myval = Session("UserID")

does work ( at least in some simple testing) in session_end.

Can anyone explain??

 

[Greg Burns]

I did the same simple test and you guys are right.

In session_end event HttpContext.Current.Session is not accessible, but the
intrinsic Session is.

My apologies for spreading misinformation.

Greg

HttpContext.Current is not valid in Session_End event, but

 

[darin dimitrov]

Darin,

I did a simple test based on your code and it does indeed work, though as I
previously mentioned I am puzzled as to why.
The difference I see between your code and what I had previously tried is
the method of accessing the session variables.

I had previously tried
HttpContext.Current.Session("mykey") = myval

myval = HttpContext.Current.Session("mykey")
which fails in session_end.

but your method of
Session.Add("mykey", myval)

myval = Session.Item("mykey") or myval = Session("UserID")

does work ( at least in some simple testing) in session_end.

Can anyone explain??

Alphonse,

Here is what is wrong with your code:

The exception you get is because the HttpContext object is null,
not because the Session is null.

When you write: myval = HttpContext.Current.Session("mykey"); in
fact you are using the HttpContext object which is created only when a
new request-response cycle occurs. In the Session_End event there is
no such cycle. Remember the Session_End event is fired only if the
session times out or if you explicitly call Session.Abandon(); so
there is no HttpContext associated. You should instead use the Session
intrinsic as suggested in my snippet in order to retrieve any
information relative to the session.

Another thing to note when dealing with sessions is that the
Session object gets persisted only if it points to some value,
otherwhise it will be null (the session doesn't contain the actual
data you save, it only holds a pointer to this data).

Thanks,

Darin

 

[Alphonse Giambrone]

Darin,

Thanks for the explanation.
That raises another question.
When/how is the 'session' data removed from memory?
The garbage collector?
Or should I be removing it in session_end?

 

[Steven Cheng[MSFT]]

Hi Alphonse,

Don't worry about the Session Datas, though they're still available in the
Session_End event, but that's actually the last time we can access them.
After the Session_End, that Session will be removed and all the datas will
lose reference and waiting for GC to collect them.

If you have anything else unclear, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Alphonse Giambrone]

Thanks Steven, I thought that might be the case but needed to be sure.

 

[Steven Cheng[MSFT]]

You're welcome Alphonse,

If you have any other questions later, please also feel free to post here.
Have a good day!

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)