views:

345

answers:

2

Currently I have a client and admin webpage. There are multiple users who will login to the client page. While in admin page, when I restored the database inside the admin page, I need to logout all the users who are currently login to the client page. Any ideas how it should be done? My current language using is classic ASP. If it can be done in ASP.NET, its fine too. Thanks.

A: 

Maybe easiest way is to define an Application variable indicating your website in under maintenance and, in every page through a server side include, check that variable and redirect to an appropriate error page.

Rubens Farias
I apologize for not explaining detail enough. The reason of the logout is to get the latest information after the admin has restored the database. So I need to logout all users and reset all the session variables because all my sessions used are old session.
lipkee85
A: 

It really depends what you've cached. If it's data then you can clear the cached data rather than forcing your users to login again.

If it's data or permissions / security change then you could have a setting in your database called SchemaVersion that stores the current version of the database. Each logged in user request to the app could compare the cookie / session version against the one in the database and if it differs to get the client to delete the session / cookie and force a re-login.

According to a Microsoft help article you can reset the session like this:

Session.Abandon(); 
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

And from MSDN you can clear your cookie like this:

if (HttpContext.Current.Request.Cookies["MyCookieName"] != null)
{
    HttpCookie aCookie = HttpContext.Current.Request.Cookies["MyCookieName"];
    aCookie.Expires = DateTime.Now.AddDays(-10);
    aCookie.Value = "";
    HttpContext.Current.Response.Cookies.Add(aCookie);
}

This should force a login, but I haven't confirmed this myself.

So in summary, you can use the ASP.NET Cache to store the db schema version and:

At the start of the page load call a helper class LoginResetHelper.IsDbValid() to see if we need to login again

In the helper class you would ask

if (Cache["SchemaVersion"] == null)
{
   // retrieve schemaVersion from db

   Cache.Add("SchemaVersion", schemaVersion);
}
HttpCookie oCookie = new HttpCookie("ClientSchemaVersion");
if (Cache["SchemaVersion"] == oCookie.Value)
   return true;
return false;

If IsDbValue is true, the continue as normal

If it is false, then call the LoginResetHelper.ResetLogin() and redirect to login page.

In ResetLogin() you would perform the clearing functions I mentioned above

Ezz
so for each page request, I need to connect to the database and retrieve the cookie/session and compare? I do prefer with no connection with the database and force the logout of users.
lipkee85
The SchemaVersion value could be stored in the Cache so no need to call the db each time - just have a page that allows you to make it update. That way when you change the db, you call the web page and the variable is reset.
Ezz
But is the above reset session method works for other users login using their own machine? As I know, cookies/sessions are stored in their own machine, so if I want to clear the cookies/sessions, I need to gain excess to their machine and clear it. Am I right?
lipkee85
It would clear when they made a request, since the server will tell their client to change the cookie to an expired date. You would need to detect if they are attempting to access a page after you have reset the db and redirect them to the login page. When they make this request it would clear the session and cookies.
Ezz
I understand that I need to do checking for each page refresh to check whether the database is restored to a new one. But how do that particular user know that the database is restored? Sorry I do not get the whole scenario works on my brain. Thanks a lot for further explaining.
lipkee85
Check above, I've updated the answer. Also to tell the app that you've restored the database you can create a page that you call when you restore the database - maybe something like `SetDatabaseRestored.aspx`You will need to add a security check to make sure only you can call that page.This is the best way I think since it would take a long time to write functionality to check the db automatically.
Ezz
But still I need to get the latest database schema for each page refresh so that I know that the databse is restored because the schema has changed. Am I right?
lipkee85
No since `Cache["SchemaVersion"]` will have a value, not null...http://www.west-wind.com/Weblog/posts/1214.aspxand here http://msdn.microsoft.com/en-us/kb/kb00323290.aspx#5And you will call the webpage `http://mydomain/SetDatabaseRestored.aspx` manually when you change the db - this page will simply clear the variable `Cache["SchemaVersion"] = null`
Ezz