.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Post New Web Links

limit ASP.NET User Session without blocking production

Posted By:      Posted Date: August 30, 2010    Points: 0   Category :ASP.Net
 If the Web Site is in production and there are hits from one particular place (Say London!) and the after 1000 (or x) requests, user session should not be allowed. So what to do in such situation without affecting current production site?  Please Advice. Thanks!  

View Complete Post

More Related Resource Links

MS SQL Server: Disconnect Users From Database - Kill User Session

If you ever wanted to restore your database from a SQL backup file (.bak), but there are still users connected to your database, the backup operation will fail causing the error: Exclusive access could not be obtained because the database is in use.

Accessing Session State in a User Control

We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control? If so, how? If not, any suggested solutions? Thanks in advance for any help.

how to redirect user to login page if session is null

i have 2 page,1.login.aspx ---  2.welcome.aspxin my login.aspx im storing username into sesssion as below:Session["usernm"] = txtUsername.Text;in my welcome.aspx  pagein page_load event if (Session["usernm"]==null)        {            Response.Redirect("Login.aspx");        }----- here if i manulally paste the url ( http://localhost:4125/Loginado/welcome.aspx) it should go to  login.aspx for user credentialsbut its going directly to welcome.aspx  page.

Check session timeout and warn user before timeout


I know there are several articles explaining how to warn the user before their session times out, but so far none of them have worked for our scenario, so I'm hoping someone here will be able to help me figure this one out...  Here's what we've got:

Our application uses SQLServer to store session state.  We've got it set to timeout in 60 minutes.  Unfortunately (I fought hard against this, but lost the battle) our application uses popups for several major screens.  So tracking the session timeout on the client side doesn't really work, because I have no idea what window the user is in at any given point.  I've tried the solution where you inject Javascript into the page using the current session timeout on each request, but again, because the user could be actively using the application in a different window, it doesn't work for us.  So I guess I have a couple key questions:

  1. Is there any way to get the timeout for a session without triggering a request to the server, which would just renew the session?
  2. Is there a way to track the session timeout value across multiple windows? 
    I believe there is a limit to the number of "branches" the main window can have in our app.  In other words, the user can only be 2 levels deep from the main/root window, s

User keeps losing Session on Anonymous site?


This code was working before, but something has changed and I don't know what.  I have an anonymous registration page.  On it, I have a CAPTCHA image, with a URL pointing to an ASPX page that is generating the image.  On the Registration page I am generating a 6 digit code to be displayed in the CAPTCHA image, then saving it to a Session variable.  On the CAPTCHA ASPX page, I am grabbing that Session variable and creating the image.  However, the Session is resetting when the CAPTCHA ASPX page is called.  If I debug it, it has a different ID and the variable is gone.

Why is this happening and how can I fix it?  I have Sessions enabled in SharePoint 2007.



Hello Gurus,

The scenario is this. I have 2 fileupload control on a web page and 3 or more concurrent users.

when all 3 users upload at the same time , i got "Entity is too large" displayed on a blank page on 1 of the users and this user can not upload until he goes to a new page to "refresh" and then go back to the upload page again. But if 1 or 2 users uploading, there's no problem.

The file limit is 20 mb per file.

It seems, IIS limits the number of uploading session to just 2 users at a time am I correct?

Environment is IIS 7, Windows 2008,  and .net 3.5 (no ajax on this page)

web config details

    <httpRuntime executionTimeout="8000" maxRequestLength="2097151" />


        <requestLimits maxAllowedContentLength="2147483648" />


I have tried this suggestions


Seeking your prompt advice,

Thank you

How to get current user session in Windows application C#?



I am trying to create a Windows Application similar to facebook friend finder.exe in .NET. The steps I have followed to achieve this is as follows:

1. I have created a webservice containing webmethod SaveContacts(string firstname, string lastname, string number, string photo, string email, string userid).


2. I am consuming the webservice in a Windows Form application and calling the above mentioned function.

Now, I want to get the current logged in user ID which through the windows form application which is something tedious to me.

If anyone have any idea how to achieve this. Please help.






How to limit the user Drawing a polygon inside the canvas -- WPF



      I am drawing a polygon on a canvas and the user is free to resize and reshape the polygon. But i want to limit the user so that the drawing always reside inside the canvas.

I know this can be handled through mouse leave. if someone can help with code snippet?

how to maintain session for multi user application


I am developing a web application. This application is fully customised based on the user settings. Suppose, application hosted on www.abc.com and user can signup on the website and it will get the domain like www.user1.abc.com and for user2 will be www.user2.abc.com so and so forth. so in this case how would I maintain the session for each user?

each user will be representing a single website along with public interface and admin pages. 

what I am thinking is to store all the setting (for each user) in the database and then when ever server received request then get the user info from the URL (first time only and after get it from the session) and get user details but I am not very much satisfied with this approach. 

could anyone recommend me any better way to perform this task please? 


Access the user session from a web method


I want to access the user session from a web method. But when I check for the session object, its nothing! How can I access the current user's session from the webmethod?

My code:

<System.Web.Script.Services.ScriptService()> _
<WebService(Namespace:="http://tempuri.org/")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
 Public Class DalService
    Inherits System.Web.Services.WebService

  <WebMethod()> _
    Public Function AddFavourite(ByVal locationId As Integer) As Integer
        Dim result As Integer = 0
        If Session IsNot Nothing Then
            'DO SOMETHING
            ReportError("SESSION IS NOTHING!!!!!!!??????", "")
        End If

        Return result
    End Function

End Class  

Killing SQL Server Session as a normal cancelation way in production environment



I have a problem, I'm planning to implement a solution for cancelling queries that could be risky and I need some expert advice. 

I'm using a custom data access .net assembly to execute all queries in the database, and now I've been asked to implement some sort of cancelling functionallity, so if the user press the cancel button, without knowing exactly what query is being executed (usually long lasting queries) it has to be cancelled. I can use the Kill sentence, but the problem is that I need to know which process to kill.

What I'm planning is the following...

As I can control every query executed, I can add a GUID as a comment at the end of each query that could be cancelled, so If the code tries to run the following query "Select top 1000000 from BigTable", I add the comment guid to the sentence ("Select top 1000000 from BigTable --CancelGUID:1234-3456-5678-7890")

Then I provide a method that given a CancelGUID I kill every sql server session that contains that GUID, I get all session with the following sentence:


SELECT req.session_id

FROM sys.dm_exec_requests req

CROSS APPLY sys.dm_exec_sql_text(sql_handle) AS sqltext

WHERE sqltext.text like '%CancelGUID:1234-3456-5678-7890%' 



And then execute Kill for each session_

Storing the user's custom IPrincipal in the cache or the session?


When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache.  Is this wrong?  Should I have stored it in the session?

Creating an "exclusive" session for a given user


Creating an "exclusive" session
I need to create an ASP.NET application (written in C#) in such a way that while User #1 is logged in to the application, if someone else attempts to impersonate and login as User #1 from either:
- the same machine, but using a different tab (or window) in the same browser, or .
- the same machine, but using a different browser, or .
- a different machine

Get the unique session for the user



Here's my scenario, a user logs in to the sharepoint site and visits a document library, then I have this webpart that gets the username of the user and stores it in the database, however, my problem is that whenever the user refreshes the browser(press F5), another session ID is thrown to the user meaning, my code will again put the username to the database and it will now have 2 data/record in my database.

What I want to do is that whenever a user visits a document library, the username will be stored in the database once, or until he logs out or after a certain amount of time. and if the user refreshes his browser(press F5) it will not count as a view/hit therefore, the username will not be stored to the database.

I've been trying this with alot of if statements however I cant find a way to handle this. I think i really need your help again.



Can a user's session and their security ticket expire at different times?


Hi there,

If a user's security ticket and session state are configured to expire after twenty minutes, is it possible that one could go before the other? So for example, a user could have access to a protected web page but their sessions has been lost?

Cheers, WT.

Limit access to webpart based on authenticated user


Hello all,

I would like to know if there is any way to programatically limit access to webparts in the selection dialog based on the currently authenicated user. For example, I would like to show a set of 4 webparts for a "common" user and additional webparts for a "supervisor" user.

Thanks - Jeremy

Kill session when user closes the browser



I have a requirement from client that to show the concurrent users.

They are using one username and password at different instances. As we need to track the concurrent users, I have wriiten in Global.asmx file for Session_start and session_End , But still showing a differentt result.


So, we have choosen database and when the user logins successfully , count is tracked in the database. And when user loguts count is decreased.

But, we are facing a problem like when user closes the browser how can we end the session and decrease the count in the database. And if be abruptly when he closes the browser or if session gets timed out count should be decreased.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend