0

Hello guys I am trying to make restriction on my WebApp that runs on VB.net with framework Asp.net. In another words, how can I Control the permitted number of sessions.

The WebApp works perfectly and now I want to add "How many users can access the WebApp" if Number of users "Sessions" exceeded the new coming users will be redirected to a site.

I have been working on this for few weeks... tried Cookies and Seasons and neither is working

Scenario: Maximum users can access the WebApp is 1

when I launch the second Browser and start new session the UserNumber will be incremented by 1 hence will be redirected to "ServerBusy" page...

However, If the second Browser opened new tab and accessed the WebApp that will bypass the Condition at Session_Start and will access the WebApp .

Thank you.

here is the Code

Imports System.Web

Public Class Global_asax
Inherits System.Web.HttpApplication
Public Shared maxUsersAllowance As Integer = 1 'Total number of users can enter the server
Public Shared UserNumber As Integer = 0 ' the current number of users

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires when the application is started
End Sub

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    UserNumber = UserNumber + 1
    Dim myCookie As New HttpCookie("UserNumber")
    Dim myCookie2 As New HttpCookie("Access")
    myCookie.Value = UserNumber
    myCookie2.Value = True
    Response.Cookies.Add(myCookie)
    Response.Cookies.Add(myCookie2)
    If (Request.Cookies("UserNumber") IsNot Nothing) Then
        If (Request.Cookies("UserNumber").Value > 1) Then
            If (Request.Cookies("Access").Value) Then
                Response.Redirect("~/ServerBusy.aspx")
            End If
        End If
    End If

End Sub

Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)


End Sub
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
End Sub

Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
End Sub

Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)

End Sub

Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)

End Sub

Sub Application_Init(ByVal sender As Object, ByVal e As EventArgs)

End Sub
Sub Application_Dispose(ByVal sender As Object, ByVal e As EventArgs)

End Sub

Sub Application_Unload(ByVal sender As Object, ByVal e As EventArgs)

End Sub

End Class

After Reading Article https://stackoverflow.com/a/6218525/1260204 and Updating the code, the Issue still exist which is that the User Can get into the WebApp if he open new Tab on the browser and connected

Imports System.Web

Public Class Global_asax
Inherits System.Web.HttpApplication



Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires when the application is started
    Application("ActiveSessions") = 0
End Sub

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)

    Try
        Application.Lock()

        Dim activeSessions As Integer = CInt(Application("ActiveSessions")) + 1
        Dim allowedSessions As Integer = 1
        ' retrieve the threshold here instead
        Application("ActiveSessions") = activeSessions

        If activeSessions > allowedSessions Then
            System.Web.HttpContext.Current.Response.Redirect("~/ServerBusy.aspx", False)
        End If
    Finally
        Application.UnLock()
    End Try
End Sub

Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)


    Dim LiveSessionsCount As Integer = CInt(Application("LiveSessionsCount"))
End Sub
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)

End Sub


Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)

    Application.Lock()
    Application("ActiveSessions") = CInt(Application("ActiveSessions")) - 1
    Application.UnLock()


End Sub

End Class

Update, I have solved the Issue with the Tabs. by adding Session.Abandon() In my redirected page. However that is half solution as far as i can get to... the other half is , if the user closes his browser by the X , I do need to wait 20 minutes until the session ends ... is there a away to terminate the session once the user exit/kill the page?

Community
  • 1
  • 1
HoneyDipper
  • 63
  • 12
  • I would recommend you look into something like a load balancer (hardware solution). Web applications should ideally be stateless. This is also true with asp.net. How will you know that a session is even active? Someone could execute some action and the session would be incremented and then not do anything for 30 minutes. If you want to ignore that then take a look at this previous SO question [How to count sessions in asp.net server application](http://stackoverflow.com/a/6218525/1260204) – Igor Jul 21 '16 at 17:07
  • I thought about making Response.Redirect("~/ServerBusy.aspx") When the seasson is dead to force the user to login again. and thanks for the link, i will look into it and give you a feed back – HoneyDipper Jul 21 '16 at 17:26
  • I have updated my question please check it out @Igor – HoneyDipper Jul 21 '16 at 17:39
  • What version of .Net are you in? – MrGadget Jul 21 '16 at 18:47
  • @MrGadget I am at Framework 4 – HoneyDipper Jul 21 '16 at 18:50
  • This is now about trying to make a stateless environment work like a desktop app. You can configure IIS to discard the session after 1 minute instead of 20 and put a javascript on your pages that will do a callback to your server every 30 seconds to keep the session alive. When user closes the browser, the callbacks stop, and in a minute the session dies. – MrGadget Jul 22 '16 at 00:37

0 Answers0