Global.Asax ?

[WJ]

I am attempting to use the Global.Asax to store my user's configuration.
Here is the concept:

1. User logs on into the site using Form Authentication.
2. I capture the user Credential, verify it and then assign this Logon ID
(user) a so called User's serverside cookie.
3. My system is configured to accept 1,024 concurrent users, this means that
my Global.Asax will host no more than 1,024 Logon IDs and their associated
cookies/variables. IOW, cookie is uniquely identified by its Logon ID
(visitor)
4. I understand that Global.asax does not travel to client PC, therefore
there is no concern about security.

My question is: Is the Global.asax a "good" place to track user's events
from page to page and back/forth between client and server ? I try to avoid
storing user's variables inside MS/SQL Server due to performance. I also
plan a scheduled job at night to down the IIS so that all Global.asax will
be refreshed.

Thanks for your help,

John

 

[Oleg Ogurok]

I think you should use Session to store user's settings.
Global.asax is readonly anyway, so you can't store anything in it.

 

[EijiTek]

I agree with Oleg regarding using the Session object to store the user's
settings. If limiting the application to 1024 concurrent users is mandatory
you could have an Application variable track the number of "current" users
(the value could be incremented in Session_OnStart()) but keep in mind that
you will need to decrement the value in the Session_OnEnd() event and also
be aware of any session timeouts that may occur and the time delay involved
with those timeouts if the user leaves the site without using some sort of
logoff mechanism to terminate the session.

You indicated concern regarding cookies with your statement that reads
"Global.asax does not travel to client PC, therefore there is no security
concern." Global.asax is a server side script for initializing and
disposing application and session data. Global.asax has nothing to do with
or in common with cookies.

My opinion on cookies is that there is no security concern in that they do
not obtain/contain any data that was not provided to the application (ie: I
click here, it records it). Due to the nature of the applications I work on
(Supply Chain Management/Communication), I use client side cookies for
tracking user session data. Your only real alternative to this in ASP.NET
is configuring SQL Server session management (which you indicated that you
wish to avoid).

If you manage the user data properly with the Session object and the
Session_OnStart() and Session_OnEnd() events you should not have to bring
down IIS.

 

[Kevin Spencer]

It is not possible to store anything in "global.asax." This is a class
definition, and as such, has no capability of storing anything in it, other
than the class definition. The first step to using something effectively is
understanding what it is, and how it works.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Kevin Spencer]

Let me be a little more helpful here. global.asax is a class definition. The
global class is created at Application start-up, and it has a number of
event handlers (functions that respond to events) which can be defined in
it. As it is a class definition, you can also create additional fields and
properties which are static, and can be accessed by any page in the
application if you wish, although one should be careful of using static
fields, properties, and methods, by understanding what the implications of
such are (e.g. locking static variables when changing because they are not
thread-safe). In the global.asax class definition you can implement code in
the various event handlers that can store data in Application State, Session
State, data store, etc. These other classes exist in various scopes and at
various times. In addition, you have other opportunities to store data in
server-side memory, data store, or on the client, in the form of Cookies.

It may seem like I'm being picky here, but again, understanding what
something is, and how it works, is the key to being able to answer these
types of questions for yourself, which will speed up your programming
tremendously. Often, what seems like a "waste of time" in the short run,
saves you much more time in the long run, and that is what I'm trying to
help you to do.

To find out more about the global.asax class, you can visit:

http://msdn.microsoft.com/library/d...en-us/cpguide/html/cpcontheglobalasaxfile.asp

In addition, the entire Microsoft .Net SDK can be freely downloaded from:

http://www.microsoft.com/downloads/...A6-3647-4070-9F41-A333C6B9181D&displaylang=en

I read it every day!

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[WJ]

Thanks EijiTek for your very good comment. I think cookies is ruled out in
my case, I will have to think more of database storage solution on certain
conditions applied to my applications.

John