Detecting when the user moves away from two particular pages

Discussion in 'ASP .Net' started by Simon Harvey, Oct 22, 2004.

  1. Simon Harvey

    Simon Harvey Guest

    Hi everyone,

    I'm having a frustrating problem and I don't know how to fix it without
    totally redoing a very complicated couple of pages on my site. I really hope
    some kind soul can help me :)

    Its a very simple situation:

    I have 1 page that serves to create and update users and another page to add
    roles to the user.

    In order to keep the state as the user moves back and forward between these
    two pages, I've made a session entity class that I add to the Session when
    moving between these two particular pages.

    Thats all fine.

    When the user arrives at the Create/Update page, it checks to see if the
    session entity exists. If it does, then it loads the user interface with the
    info in the entity object.

    Also fine.

    The problem occurs when the user comes to the page, half creates a user then
    goes away from the page using one of the several links on the page and then
    returns to the page.

    Because the Session Entity still exists from the last occasion the user was
    at the Create/Edit page, the page loads the data from it even when it
    shouldnt.

    The end result is that the UI gets populated with values that it definately
    shouldnt!

    My question is generic - how can i stop this from happening? I know people
    use Process State objects for managing a multestage process all the time, so
    this situation must arise all the time. I'm hoping theres some sort of
    design pattern for it.

    The only way I can think to prevent the problem is to detect when the user
    moves away from the page by using the links on the page and delete the
    session object when moving away from the 2 create/update pages.

    Does anyone know how I can detect when the user moves away from two
    particular pages?

    Sorry thats quite a complicated explanation. I really hope someone can help

    Thank you

    Simon
    Simon Harvey, Oct 22, 2004
    #1
    1. Advertising

  2. Smart navigation - have you tried using it?

    -Demetri

    "Simon Harvey" wrote:

    > Hi everyone,
    >
    > I'm having a frustrating problem and I don't know how to fix it without
    > totally redoing a very complicated couple of pages on my site. I really hope
    > some kind soul can help me :)
    >
    > Its a very simple situation:
    >
    > I have 1 page that serves to create and update users and another page to add
    > roles to the user.
    >
    > In order to keep the state as the user moves back and forward between these
    > two pages, I've made a session entity class that I add to the Session when
    > moving between these two particular pages.
    >
    > Thats all fine.
    >
    > When the user arrives at the Create/Update page, it checks to see if the
    > session entity exists. If it does, then it loads the user interface with the
    > info in the entity object.
    >
    > Also fine.
    >
    > The problem occurs when the user comes to the page, half creates a user then
    > goes away from the page using one of the several links on the page and then
    > returns to the page.
    >
    > Because the Session Entity still exists from the last occasion the user was
    > at the Create/Edit page, the page loads the data from it even when it
    > shouldnt.
    >
    > The end result is that the UI gets populated with values that it definately
    > shouldnt!
    >
    > My question is generic - how can i stop this from happening? I know people
    > use Process State objects for managing a multestage process all the time, so
    > this situation must arise all the time. I'm hoping theres some sort of
    > design pattern for it.
    >
    > The only way I can think to prevent the problem is to detect when the user
    > moves away from the page by using the links on the page and delete the
    > session object when moving away from the 2 create/update pages.
    >
    > Does anyone know how I can detect when the user moves away from two
    > particular pages?
    >
    > Sorry thats quite a complicated explanation. I really hope someone can help
    >
    > Thank you
    >
    > Simon
    >
    >
    >
    =?Utf-8?B?RGVtZXRyaQ==?=, Oct 22, 2004
    #2
    1. Advertising

  3. Simon Harvey

    Matt Berther Guest

    Hello Simon,

    You could do an OnUnload handler on each of your pages body tags. This handler would be responsible for creating an HTML-RPC call to null out the Session Entity.

    <html>
    <head>
    <script language='javascript'>
    function destroySessionEntity() {
    // create your web request here...
    }
    </script>
    </head>
    <body onUnload="destroySessionEntity()">
    </body>
    </html>

    --
    Matt Berther
    http://www.mattberther.com

    > Hi everyone,
    >
    > I'm having a frustrating problem and I don't know how to fix it
    > without totally redoing a very complicated couple of pages on my
    > site. I really hope some kind soul can help me :)
    >
    > Its a very simple situation:
    >
    > I have 1 page that serves to create and update users and another page
    > to add roles to the user.
    >
    > In order to keep the state as the user moves back and forward between
    > these two pages, I've made a session entity class that I add to the
    > Session when moving between these two particular pages.
    >
    > Thats all fine.
    >
    > When the user arrives at the Create/Update page, it checks to see if
    > the session entity exists. If it does, then it loads the user
    > interface with the info in the entity object.
    >
    > Also fine.
    >
    > The problem occurs when the user comes to the page, half creates a
    > user then goes away from the page using one of the several links on
    > the page and then returns to the page.
    >
    > Because the Session Entity still exists from the last occasion the
    > user was at the Create/Edit page, the page loads the data from it
    > even when it shouldnt.
    >
    > The end result is that the UI gets populated with values that it
    > definately shouldnt!
    >
    > My question is generic - how can i stop this from happening? I know
    > people use Process State objects for managing a multestage process
    > all the time, so this situation must arise all the time. I'm hoping
    > theres some sort of design pattern for it.
    >
    > The only way I can think to prevent the problem is to detect when the
    > user moves away from the page by using the links on the page and
    > delete the session object when moving away from the 2 create/update
    > pages.
    >
    > Does anyone know how I can detect when the user moves away from two
    > particular pages?
    >
    > Sorry thats quite a complicated explanation. I really hope someone can
    > help
    >
    > Thank you
    >
    > Simon
    >
    Matt Berther, Oct 22, 2004
    #3
  4. Don't use smartnav or rely javascript firing on the unload. Both of these
    are very unreliable. What if you did not use links between the two pages but
    used server.transfer or some other way to transfer the data back. Maybe take
    the information out of the session once it has been sent down to the client.
    =?Utf-8?B?U2NvdHQgU2ltb25z?=, Oct 22, 2004
    #4
  5. Simon Harvey

    Eric Gibson Guest

    Simon Harvey wrote:
    > Hi everyone,
    >
    > [snip]
    >
    > The problem occurs when the user comes to the page, half creates a
    > user then goes away from the page using one of the several links on
    > the page and then returns to the page.
    >
    > Because the Session Entity still exists from the last occasion the
    > user was at the Create/Edit page, the page loads the data from it
    > even when it shouldnt.
    >
    > The end result is that the UI gets populated with values that it
    > definately shouldnt!
    >


    So basically what you are saying is that you have a script that represents a
    process with multiple stages that all accept similar values. So the program
    is confused as to how to load these values under certain situations.

    I think you should remedy this problem by clearly dilineating your program
    into steps represented by one subroutine or function (I'm imagining your
    program as one big chunk of logic that displays different things based on
    the session, am I right?). Maybe session's aren't the answer in this case,
    maybe instead you should pass form post or querystring get values back and
    forth from each step that tell your program what's it's supposed to be
    doing.

    When I have a script with multiple steps I usually key off each step in the
    querystring. The first thing my program does is a switch on an "op"
    querystring variable, and executes a routine that implements that step. Then
    each step passes a new op variable which tells program to implement the next
    step. For instance:

    Step 1) Show Create User Form: users.aspx?op=viewcreate&f1=1&f2=2 (shows a
    form which posts to...)
    Step 2) Create User: users.aspx?op=create&f1&f2 (does database calls,
    inserts, and redirects to...)
    Step 2) Modify User: users.aspx?op=modperms&f1=1&f2=2

    So, if someone clicks on another link in the page, and they eventually come
    back to your script, all they have is the first op=new link, so the program
    knows it's creating a new user, regardless of what's in the person's session
    (but it can fill that information in too as it sees fit).

    Something of that nature, catch my drift?

    Keep in mind I'm also hearing security issues in your problem. I don't think
    it's a good idea for users to be in control of the control-flow of your
    program by modifying session information when creating and modifying users.
    Sounds bad! ;-)

    Eric
    Eric Gibson, Oct 22, 2004
    #5
  6. Simon Harvey

    Simon Guest

    Hi Everyone,

    First a big thanks to all wheo answered my problem. All interesting ideas.
    The one that I connect with the most is Eric's.

    The one problem I have is the fact that it uses the query string. The reason
    that I used the session was because I actually thought it would be more
    secure than passing userID's and what not over the wire in a url thats
    clearly tamperable.

    Is there another way I could maintain the state between pages without using
    the query string? Perhaps in a form variable?
    Or maybe i could encrypt the querystring as it goes out and unencrypt it on
    its way in?

    As always, any help very much appreciated

    Thanks all

    Kindest Regards

    Simon
    Simon, Oct 23, 2004
    #6
  7. Simon Harvey

    Eric Gibson Guest

    Simon wrote:
    > Hi Everyone,
    >
    > First a big thanks to all wheo answered my problem. All interesting
    > ideas. The one that I connect with the most is Eric's.
    >
    > The one problem I have is the fact that it uses the query string. The
    > reason that I used the session was because I actually thought it
    > would be more secure than passing userID's and what not over the wire
    > in a url thats clearly tamperable.
    >


    That's cool. Yes, querystring is tamperable, and so are hidden form fields,
    but the data has to come from somewhere to get into your session, so in a
    way your session is tamperable as well! Anything data that comes from user
    input is tainted... ;-<

    Really you could probably fix it solely with any of the above, hidden form
    fields, sessions or querystring with a little craftiness. If I was going to
    make a program similar to what you are doing I'd prolly use a combination of
    them all.

    I might: string the steps together and let the program know what's going on
    using a series of querystring variables (I think of the querystring as a
    command line argument), pass stateless data between each step using hidden
    form variables. And keep any secured user related info in the session (such
    as the users login id and password).

    The security issues for each field would be highly dependent on what you are
    trying to do though, so any of those rules I use for myself might be bent
    for the occassion.

    What I'm saying is; Your program is basically calling itself right? View
    create user, create user, and modify. So wherever in the code it says "If
    Session("Username") Then CompleteStep1()" change it to "If
    QueryString("step1") Then CompleteStep1()"

    Then in the appropriate places where the script passes data from itself to
    itself (such as from a form), give it that querystring value or a hidden
    form id, so it knows what to do next. It might only require a couple small
    changes to accomplish this. If you clearly define all the steps like this,
    you might find it easier to validate the users input as well, because you
    have more power to send them where you want them since you can change what
    step is next concisely in your code.

    Eric
    Eric Gibson, Oct 25, 2004
    #7
  8. Simon Harvey

    The Guru Guest

    Hi Simon,

    If I have understood you correctly, you have multiple pages in your
    ASP.Net project. When user jumps between two pages (Create/Edit User &
    User Roles), you want to maintain certain data which the user might
    have entered in create/edit page.

    One easy soln. is to use "HTTP_REFERER" in the Page_load event to find
    out from which page the user is comming from. If the value of
    "HTTP_REFERER" is not the create or role page, then you have achieved
    what u reqd.
    -Guru

    Simon wrote:

    > Hi Everyone,
    >
    > First a big thanks to all wheo answered my problem. All interesting
    > ideas. The one that I connect with the most is Eric's.
    >
    > The one problem I have is the fact that it uses the query string. The
    > reason that I used the session was because I actually thought it
    > would be more secure than passing userID's and what not over the wire
    > in a url thats clearly tamperable.
    >
    > Is there another way I could maintain the state between pages without
    > using the query string? Perhaps in a form variable?
    > Or maybe i could encrypt the querystring as it goes out and unencrypt
    > it on its way in?
    >
    > As always, any help very much appreciated
    >
    > Thanks all
    >
    > Kindest Regards
    >
    > Simon
    The Guru, Dec 28, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave Mehrtens

    VS DEsigner Moves HTML comments?

    Dave Mehrtens, Aug 8, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    503
    John Soulis [MSFT]
    Aug 13, 2003
  2. Mark
    Replies:
    1
    Views:
    534
    Andy Fish
    Nov 2, 2004
  3. Magnus Gunnarsson

    Mouse select moves window (Mac)

    Magnus Gunnarsson, Feb 2, 2004, in forum: Java
    Replies:
    0
    Views:
    330
    Magnus Gunnarsson
    Feb 2, 2004
  4. Kevin Frey
    Replies:
    9
    Views:
    499
    Ron Natalie
    Aug 29, 2003
  5. Replies:
    1
    Views:
    101
    kaeli
    Apr 19, 2005
Loading...

Share This Page