views:

24

answers:

1

I am using ASP.NET profiles with allowAnonymous="true". I am NOT using ASP.NET membership. I recently took a hard look at the aspnetdb database and noticed that although my site gets 600-800 unique visitors daily, there are 4000-5000 "users" being created in the database.

Clearly what is happening here is the users with cookies disabled end up creating a record for every request.

My question: How do I prevent user and profile database records from being created if the client doesn't support cookies or has them disabled?

+1  A: 

After a lot of research and trial and error, I discovered a solution to this issue. However, this solution does not work for the first request that the user makes because it is impossible to determine if a user supports cookies from only one request.

I came up with a clever solution that uses AJAX to make a second (invisible) request to the server in order to write settings to the profile on the first request, but only if cookies and JavaScript are enabled. Of course, if you are not storing any profile settings on the initial request, it is not necessary to use this. See my other post for complete details.

Imports System.Web.Configuration

Public MustInherit Class AnonymousProfile
    Inherits ProfileBase

    Public Shared ReadOnly Property AnonymousCookieName() As String
        Get
            Dim anon As AnonymousIdentificationSection = CType(ConfigurationManager.GetSection("system.web/anonymousIdentification"), AnonymousIdentificationSection)
            Return anon.CookieName
        End Get
    End Property

    Public Shared ReadOnly Property IsAnonymousCookieStored() As Boolean
        Get
            Dim cookies As String = HttpContext.Current.Request.Headers("Cookie")
            Return Not String.IsNullOrEmpty(cookies) AndAlso cookies.IndexOf(AnonymousCookieName) > -1
        End Get
    End Property

    Private ReadOnly Property IsWritable() As Boolean
        Get
            Return IsAnonymous = False OrElse IsAnonymous AndAlso IsAnonymousCookieStored
        End Get
    End Property

    Private Function IsObjectMatch(ByVal obj1 As Object, ByVal obj2 As Object) As Boolean
        If Not obj1 Is Nothing Then
            Return obj1.Equals(obj2)
        Else
            If obj2 Is Nothing Then
                Return True
            Else
                Return False
            End If
        End If
    End Function

    Public Overloads Sub SetPropertyValue(ByVal propertyName As String, ByVal propertyValue As Object)
        If (Not IsObjectMatch(Me.GetPropertyValue(propertyName), propertyValue)) AndAlso IsWritable Then
            MyBase.SetPropertyValue(propertyName, propertyValue)
        End If
    End Sub

    Public Overrides Sub Save()
        If IsWritable Then
            MyBase.Save()
        End If
    End Sub

End Class

Simply put, this class prevents the profile from being written to or saved if the profile is anonymous and the anonymous cookie hasn't been received from the browser yet.

In order to use this class, put it into the App_Code directory and add an "inherits" attribute to the profile element in the web.config file as follows:

<profile defaultProvider="SqlProvider" inherits="AnonymousProfile">

ASP.NET will then inherit the ProfileCommon class from this one when it is automatically generated.

Note that the AnonymousCookieName and IsAnonymousCookieStored properties were made public shared so they can be used anywhere else in the project like this:

If AnonymousProfile.IsAnonymousCookieStored Then
   'It is safe to write to the profile here
End If

This can save some CPU cycles from executing code that doesn't need to run if the user rejected the anonymous cookie, but isn't strictly necessary because the new profile class will check anyway.

There is also another bug fix included in this sample - the original profile class will be "Dirty" if you set a property to the same value it already contains, which will cause it to update the database even though nothing has changed. There is a check for this condition in the overloaded SetPropertyValue method which fixes this problem.

Public Overloads Sub SetPropertyValue(ByVal propertyName As String, ByVal propertyValue As Object)
    If (Not IsObjectMatch(Me.GetPropertyValue(propertyName), propertyValue)) AndAlso IsWritable Then
        MyBase.SetPropertyValue(propertyName, propertyValue)
    End If
End Sub

Reference: ProfileBase Class (MSDN)

NightOwl888