All geek questions in one place

How to catch users opening an application from multiple pages

In my web application, some users open the application on multiple browser pages. How can I catch users when they do this?

Change why I need such a thing: I have a variable called DealerID that is portable between pages with a session. Some users want: "While I am doing my tasks with DealerID on one page, I am doing other tasks with a different DealerID on another page"

I tried to explain. Hope this helps.

+4
source share
5 answers

Technically, you cannot find out who opened more than one page ( HTTP without a connection) unless they tell you themselves!

I think this is a matter of executive work (how to do it effectively), and not the best technical solution for protection against unauthorized access. So:

Put some AJAX control ( JavaScript code) on the page, which works as a signaling component from the client and says Blah..Blah ....

Use Session objects ( ASP.NET will take care of the correct session key / value for you, just use it on the server side), and if there are two signals from one client, you hooked (!) Them as you want. It is possible for a powerful user to disable this protection mechanism, but you can increase the price by introducing it more difficult.

I suggest not responding immediately to deception. Tag the user in your business logic and show the account later. It is more efficient, i.e. What is StackOverFlow.com doing :)

+2
source

The real thing you need to focus on is fixing your application to support multiple tabs / pages.

I suggest you save the session data on the application page and restore it when the page sends it back to the server. Thus, each page can use the same session variables to transfer the page together without creating side effects in the system.

Session data should indeed be truly global data that can be referenced without concern. If you have "long-persisting" data that is created with the assumption that only one page will use it, then you will have problems.

+3
source

A session is the wrong thing to use in this case. . You must have a browser instance that tells you what the DealerID is during each request. You can accomplish this using a query string, viewstate, with a drop-down list / field on a page on a page, etc.

Rationale: The session is tied to all browser instances via a common cookie, which causes this problem. A Query String or ViewState or field on the page binds data to a specific instance of the browser window. Using this method, you completely eliminate the problem and use the technology as it was developed.

+3
source

I would attach the token to the objects that you send to the browser and store them in the database with a link to the user and the object they requested.

I would send a token with each request and put it in a hidden field on the page. And then connect the token to any postback using javascript. If the token is returned more than once, you have an extra tab!

+1
source

Given that you want to simultaneously count the number of tabs that a user has opened with your application, the problem is that this is actually not a good way to do this. The best way to do this would probably be to run something locally, but since different browsers are encoded differently, there is no good way to get the headers without knowing which browser it uses and makes an API call to find (if it is available!).

If you just need a basic, rough estimate of what an account is. You can try to configure a cookie when the application loads (loading it on a new tab should cause the cookie to reset) and cross-reference the GUID for each session with an IP address. However, this will never be accurate enough, since several users can be on the same IP address, they can use several browsers, sessions can be time-out, etc.

+1
source

Source: https://habr.com/ru/post/1332514/

More articles:


All Articles