I have a legacy ASP.NET application in which there are some session/concurrency related issues and inconsistency.
I am looking for the best way to do the re-design/
This is the scenario
A. Multiple users can log on to the site and access/modify a Ticket’s details. However, if a user is already in the process of altering the workflow…the TicketId,UserId are stored in the DB with a time stamp.
B. If another user tries to access the same Ticket while its already being worked upon by a different user. Then, data is accessed from the DB and the most recent user is given a info-box saying that the Ticket is locked.
C. If the initial/locked-in user does a “Sign-Out” the lock is released in the DB. Now, the subsequent user can access with out hassle
All this fine…but if the initial user ..instead of “signing out”…just closes the browser window..the application still remains locked.
How to avoid this ? What is the best design in this scenario?
This is called pesimistic concurrency. You can handle SessionEnd event (but only if you use InProc session) and release the lock on the ticket. The problem is that Session by default expires after 20 minutes. So if you really want to use pesimistic concurrency you have to make session as short as possible but this can affect current user – session can be lost during his work in browser. To avoid this implement javascript timer and some ping javascript / ajax operation which will keep your session alive while the user has the browser opened. If he close the browser without releasing ticket session will expire quickly. There is still disadvantage – if your user close browser and after a while opens new one all his session data will be lost.
Edit: Also this solution does not handle situation where user opens browser, locks the ticket and goes away for 2 hours lunch. If you also want to handle this solution you can combine it with some timeout on ticket activity.