All geek questions in one place

Static web method - risk of common values ​​between users

this question is about using a static modifier in an asp.net web form application, I am starting, and although I have never encountered problems with this static “problem”, I am still a little worried about this issue and would like to clarify this.

Recently, I started using Ajax/jQuery POST instead of asp.net 'normal' postback

so that I can use javascript objects and also avoid page refresh when interacting with the server

my question is about ajax post. it uses the static method of returning information to users

some background information about the client code ... (you can go to the server side below if you want)

client side:

HTML

  <td id="TD_Actions_<%=RecordIdSlot%>" class="RepTblDataTds "> <!-- will be used to trigger jquery function instead of asp imageButton that causes a postback <span id="SpanEditRecord"> <img src="img/EditPic.png" style="width:20px;" class="CssClassImgBut_Edit" /> </span> </td>

jquery:

 var SpanEditRecord = $('#SpanEditRecord'); // the trigger span // onclick event post data to code behind SpanEditRecord.click(function () { var Recid = $(this).parent().attr('id').split('_')[2];// takes the Sql table RecordiD var data = []; data.push({ key: 'RecordId', value: parseInt(Recid) }); //usually there more data in "data" var targetUrl = "default.aspx/EditKkRecord"; $.ajax({ type: 'POST', url: targetUrl, data: JSON.stringify({ SentPars: data }), contentType: "application/json; charset=utf-8", dataType: "json", success: function (response) { getResponseFromEditRequest(response.d); }, error: function (response) { alert(response.status + ' ' + response.statusText); } }); }); //handle callback /response from C# server side code function getResponseFromEditRequest(htmlret) { var packagerec = htmlret.split(','); ........ ........ }

and now to the topic under consideration.

C # server side

this part is the question in question is that [WebMethod] is unsafe when used by multiple users? can there be a random use of the same return value because it is a static method?

  [WebMethod] public static string EditKkRecord(object SentPars) { Dictionary<string, string> NwDataDict = new Dictionary<string, string>(); string tmpSQLstr = ""; try { Array aa = (Array)SentPars; foreach (Dictionary<string, object> pair in aa) { NwDataDict.Add((string)pair["key"], pair["value"].ToString()); } } catch (Exception ex) { return ex.Message; } if (NwDataDict.Count > 0) return EditRecordFromtblKupaKtanaDb(NwDataDict); return tmpSQLstr; } static string EditRecordFromtblKupaKtanaDb(Dictionary<string, string> todayKupa) { interact with database; return "comaSeparated - columns values as a string"; }

so can it happen in this case that user a, b and c will call this web method and will use the same return value if they say that they are all trying to edit the same "RecordId"

or even worse (I could think) if they all edit different records and in fact the action can be transferred from the first user ... of the same record ..

when is it really unsafe to use static and is it unsafe in this code?

+4
source share
1 answer

It is safe to run your method as static if it does not depend on static variables that are outside your static method.

Here is an example of how not to use statics in asp.net web applications:

  public static string SaveSomething; public static void DoSomething() { SaveSomething = "something"; //... do more code AnotherAction(SaveSomething); }

First, the SaveSomething string property is set to your value. Meanwhile, this property can be set by another request / user, since it shares this property. Now, if you recall a property and use it for AnotherAction, it may not be the same value as you originally set. If you want to use references to external static variables, you must be sure that these variables are safe to use in this way. Most cases they are read only.

However, you can lock a property using the lock statement:

  public static string SaveSomething; public static void DoSomething() { lock (SaveSomething) { SaveSomething = "something"; //... do more code AnotherAction(SaveSomething); } }

The lock keyword marks the operator block as a critical section, obtaining a mutual exclusion lock for the given object, executing the instruction, and then releasing the lock.

+6
source

Source: https://habr.com/ru/post/1492459/

More articles:


All Articles