Home/ Questions/Q 600707
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T16:38:05+00:00

Are we doing it wrong? A colleague and I are messing around with an

  • 0

Are we “doing it wrong”?

A colleague and I are messing around with an ASP.NET page to act as a “portal” to view the results from a diagnostic program on a UniData server. Although we do the odd-job of ASP/ASP.NET at work, it is not our primary language.

To access this server, we have to use UniObjects, which is an API for authenticating and using the UniData server.

We needed each user visiting the website to have to authenticate with UniData and get their own session via the UniObjects library, then be able to use it without signing in again (unless the session isn’t used with in ‘x’ minutes).

The method we have come up with is as follows:

We have a singleton with a Hashtable. It maps Windows username with a session object.

If the user goes to our page and ‘username’ doesn’t exist in the Hashtable, it redirects to a login page where the session object is created and added to the Hashtable if authentication succeeds. Otherwise, it grabs the users existing session object from the Hashtable and uses that for the request (unless it has expired, in which case we remove it and redirect to the login page).

Each session object (which is a wrapper object for stuff from UniObjects) has a “lastUsed” method. We need to clean-up user’s sessions since we have license restrictions on users logged into the UniData server, so every time a user gets redirected to the sign-in page, it checks if any sessions have not been used in ‘x’ mins, in which case it closes that session and removes it from the Hashtable. It is done here so users won’t experience any delay related to checking all sessions on every request, only at login.

Something is telling me that this solution smells, but I don’t have enough ASP.NET experience to work out what we should be doing? Is there a better method for doing this or is it actually okay?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since all of your users seem to be authenticated, I would suggest you think about using a different way of managing session state and timeout.

    Part of the issue you have is that if a user just closes the browser without logging out, or stops using the application, you have to wait until the session times out to kill it off and free up UniObjects for your licensing issues.

    My suggestion is as follows:

    1. Add an invisible IFRAME to your
      MasterPage template, or to each page
      in the site if you aren’t using
      MasterPages.
    2. That MasterPage will
      load a KeepAlive.aspx page, that
      contains a META Refresh, reloading
      the page every 5 minutes.
    3. You can
      reduce the session timeout to 10
      minutes (maybe even 6)

    Now, if a user closes their browser windows, their session times out much quicker than usual, but if their browser window is left open, their session is persistent.

    A code example and walkthrough can be seen here.

    You now need to solution to prevent the user from leaving their browser window open all night and hogging your UniData licences. In this case I would implement a similar methodology, where a stagnant page (i.e. user has done nothing for 20 minutes) is refreshed to a logout ASPX page, clearing the session.

    • 0