views:

873

answers:

3

What is the best way to limit the number of (concurrent) users accessing a web application that any one can introduce for selling website/application to client and how to increase the number of users accessing it remotely?

A: 

One way would be to track active sessions in a database, and each time a user logs in, check the number of active sessions. If it is below a threshold, let them in, if not, bounce them.

To administer this number remotely, a simple admin form that lets you update the threshold in the database is simple enough.

cdeszaq
+2  A: 

If you use the in-process session state management, you can use the HttpApplicationState class, by introducing the Global.asax file and putting something like this in the code behind:

void Application_Start(object sender, EventArgs e)
{
    Application["ActiveSessions"] = 0;
}

void Session_Start(object sender, EventArgs e)
{
    try
    {
     Application.Lock();

     int activeSessions = (int) Application["ActiveSessions"] + 1;
     int allowedSessions = 10; // retrieve the threshold here instead

     Application["ActiveSessions"] = activeSessions;

     if (activeSessions > allowedSessions)
      System.Web.HttpContext.Current.Response.Redirect("~/UserLimitReached.aspx", false);
    }
    finally
    {
     Application.UnLock();
    }
}

void Session_End(object sender, EventArgs e)
{
    Application.Lock();
    Application["ActiveSessions"] = (int)Application["ActiveSessions"] - 1;
    Application.UnLock();
}

Then, in the UserLimitReached.aspx you would call HttpSession.Abandon() to effectively terminate the current session so it does not count towards the limit. You'll have to figure out the rest yourself. :)

Pawel Krakowiak
Remember that Session_End will not be invoked if your session is stored in registry or SqlServer. Check the comments when you create a new global.asax file that make this clear.
Bernhard Hofmann
A: 

In addition to the previous answers, I think you will need to introduce your own timeout so that sessions aren't left lingering and locked. Rather than use sessions, if you have a login, you can monitor it based on logins and keep them active by recording the most recent activity per user in a dictionary/array. That should make it easy to see which users are using the site, and which are the n most recently active users. If you tie that with the sessions, you could expire sessions used by the least recently active user. The effect of this is that if more than the specified number of users try use the website, some (the least active) will continually need to login. Given the disconnected nature of web apps, I think you may have to allow a certain % of grace so that when limited to 20 users, you actually allow maybe 22 to be concurrently active.

Bernhard Hofmann