Way to limit total number of sessions from one IP address

Discussion in 'ASP General' started by tbone, Jan 30, 2006.

  1. tbone

    tbone Guest

    In trying to improve the throughput of a classic ASP app I wrote last
    year, I added monitoring to the application and session start and end
    methods. For one, I'm counting the total number of sessions and the
    high water mark. My monitoring has revealed a few interesting things.

    1. The ASP application is being shutdown and restarted almost daily.
    The hosting company swears that neither the machine (shared server)
    nor IIS nor the application is being restarted. Is there any other way
    the Application_OnStart and _OnEnd methods might be invoked?

    2. I found in the app log that apparently one invocation of the app
    was being shutdown while a new one was being started; i.e. the Startup
    event for the new run was logged before the Shutdown Complete event
    was logged (in the same file) for the old run. How is this possible?

    3. At one point, about 40 new sessions were started up from one given
    IP address, with 5-10 seconds between start events being logged. Does
    this happen if the user has his browser's cookies disabled? How else
    might this happen (except perhaps for deliberate DoS-style hacking)?

    4. Because of (3) above, I think I want to limit the number of
    concurrent sessions originating from a given IP address (I already
    keep an application-level array that tracks the IP addresses of all
    active sessions). To be least annoying to the end user, I presume I'd
    want to kill older sessions rather than not allow newer sessions (in
    case of browser crashing, for example). Is there a way to kill another
    session by ID, or to instruct another session to kill itself?

    Thanks
    tbone
    tbone, Jan 30, 2006
    #1
    1. Advertising

  2. tbone

    Larry Bud Guest

    > 3. At one point, about 40 new sessions were started up from one given
    > IP address, with 5-10 seconds between start events being logged. Does
    > this happen if the user has his browser's cookies disabled? How else
    > might this happen (except perhaps for deliberate DoS-style hacking)?
    >
    > 4. Because of (3) above, I think I want to limit the number of
    > concurrent sessions originating from a given IP address (I already
    > keep an application-level array that tracks the IP addresses of all
    > active sessions). To be least annoying to the end user, I presume I'd
    > want to kill older sessions rather than not allow newer sessions (in
    > case of browser crashing, for example). Is there a way to kill another
    > session by ID, or to instruct another session to kill itself?


    I think limiting the # of sessions is a backwards way of fixing this.
    There's no reason your app should be shutting down in the first place.

    But if you insist, the only way I can think of it is to save IP address
    and Session ID in a database on the home page.

    Then on each subsequent page, you need to check to see if they still
    match. If they don't, a newer session has been introduced, and you
    could push the user to a "session timed out" page.
    Larry Bud, Jan 31, 2006
    #2
    1. Advertising

  3. tbone

    Roland Hall Guest

    "Larry Bud" wrote in message
    news:...
    :> 3. At one point, about 40 new sessions were started up from one given
    : > IP address, with 5-10 seconds between start events being logged. Does
    : > this happen if the user has his browser's cookies disabled? How else
    : > might this happen (except perhaps for deliberate DoS-style hacking)?
    : >
    : > 4. Because of (3) above, I think I want to limit the number of
    : > concurrent sessions originating from a given IP address (I already
    : > keep an application-level array that tracks the IP addresses of all
    : > active sessions). To be least annoying to the end user, I presume I'd
    : > want to kill older sessions rather than not allow newer sessions (in
    : > case of browser crashing, for example). Is there a way to kill another
    : > session by ID, or to instruct another session to kill itself?
    :
    : I think limiting the # of sessions is a backwards way of fixing this.
    : There's no reason your app should be shutting down in the first place.
    :
    : But if you insist, the only way I can think of it is to save IP address
    : and Session ID in a database on the home page.
    :
    : Then on each subsequent page, you need to check to see if they still
    : match. If they don't, a newer session has been introduced, and you
    : could push the user to a "session timed out" page.

    Isn't this a problem for multiple NAT or proxy users?

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
    Roland Hall, Feb 3, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,348
    Luther Miller
    Aug 8, 2003
  2. Maziar Aflatoun
    Replies:
    1
    Views:
    4,358
    Steve C. Orr [MVP, MCSD]
    Dec 30, 2003
  3. Peter
    Replies:
    1
    Views:
    2,185
    John B. Matthews
    Jan 19, 2010
  4. scottymo
    Replies:
    3
    Views:
    683
    Dominick Baier
    Sep 30, 2006
  5. Bookham Measures

    Moving from ASP Sessions to Database Sessions

    Bookham Measures, Jul 23, 2007, in forum: ASP General
    Replies:
    19
    Views:
    544
    Bookham Measures
    Aug 23, 2007
Loading...

Share This Page