0

I am making a website. On a button click, the JS function named HeavyTask is called. It has an ajax call to the Action Method that will perform a CPU Heavy task on the server. The button looks like this 

<input type="Submit" value="Start" onclick="HeavyTask()" />

But I am worried that someone may press F12, right click any element-> Edit as HTML and inject script like this 

setInterval(HeavyTask, 100);

And cause the server CPU to waste all its processing power and cause website to lag. I tried to do this from chrome. I was able to change HTML Elements, but not able to run this Script. But there may be some browsers/other techniques that will allow. Should I worry about it, or not. If yes, how can I fix this so that user can't call the function for second time until the first call returns. My backend technology is ASP.NET. Thanks

  • You can't *disable* or prevent this. The user can do anything on client-side. But whats the problem? If the user execute it and slows down his system, it is his problem?! – eisbehr Sep 21 '16 at 11:49
  • @eisbehr the cpu heavy task is performed on the server. –  Sep 21 '16 at 11:51
  • You have such a cpu heavy task called from your website? Well, then your appivcation seems not to be well designed. You should not have such task to be executed for/from a website. You should prepare your data before or think about to shrink it. – eisbehr Sep 21 '16 at 11:53
  • @eisbehr I can't disclose anything about my website due to permissions, but I can give an example. Like ideone. It takes code input from user and gives the result after executing it on server. That can be an example of cpu intensive task –  Sep 21 '16 at 11:56

1 Answers1

0

You can't do anything on the client that can't be overridden, but you can stop the process being executed more than once on the server, simply by setting and checking a server-side variable...

public void PerformHeavyTask()
{
    if (Session["HeavyTaskRunning"] == null)
    {
        Session["HeavyTaskRunning"] = true;

        // perform heavy task

        Session.Remove("HeavyTaskRunning");
    }
}

This will allow multiple clients to request the same heavy task, though, and that might not be ideal.

(I've assumed C# on the server)

Reinstate Monica Cellio
  • 25,975
  • 6
  • 51
  • 67
  • yes I want that multiple clients be able execute the heavy function at once, but not again until previous execution has finished. So your code is fine for it. Isn't it? –  Sep 21 '16 at 12:00
  • Yes, it will do exactly that. You may want to make it return something that your script can react to, and maybe tell them to wait till the previous call is complete, but as it is it will stop 2nd execution until the 1st is complete. – Reinstate Monica Cellio Sep 21 '16 at 12:00
  • Hi again. It says "Cannot implicitly convert object to bool". –  Sep 21 '16 at 12:04
  • Sorry - my bad. I've updated it to just check to see if the session variable actually exists, and then remove it after the operation is complete. – Reinstate Monica Cellio Sep 21 '16 at 13:01
  • Hi. while debugging, I saw that the if is always true. I pressed the button and as expected, the if was true and session variable was set. Just after that I pressed the button again and to my surprise, the if was again true even though the previous execution didn't reach the session.remove line. I have tried reading many articles on session, but none of them addresses this issue. Only a person with good experience and knowledge can. So I request you to pls suggest a way out. –  Sep 22 '16 at 05:20
  • You may be trying to use the session when it's not available. What is the call you're making from javascript? (aspx, api, ashx etc..) – Reinstate Monica Cellio Sep 22 '16 at 09:20
  • its an async action method in an mvc controller with string return type, which I process in JS to give the output –  Sep 22 '16 at 09:45
  • Okay, that makes all the difference in the world. An API call in an MVC application is meant to be stateless, so the session storage is not shared between individual calls. [Have a look here](http://stackoverflow.com/questions/9594229/accessing-session-using-asp-net-web-api) for some help on making sessions work. – Reinstate Monica Cellio Sep 22 '16 at 09:53