assumption:
i'm working on asp.net mvc 4 application, use form authentication authenticate users.
when 1 of users logged in web application, can navigate anywhere , perform operations web application let him do.
considering web application interacts other third party system, each user action involve in potential dangerous situation.
example of situation: user opens 2 tabs in ie, goes in same page in can perform update operation (which immediatly sended third party system), , perform edit action in 2 different moments.
indipendently of third party system's behavior, in case of similar situations, web application shouldn't permit user perform actions.
goal
want ui control redirects user when tries navigate same page second time (before leave first page).
i thought tracing each user's access each page.
this, think make ajax call controller (in mvc) on document.ready event , on window.onbeforeunload event. @ each event, controller should read , write user's data in database table.
i noticed once user logged through form authentication, shares session information on different tabs , browser instances (as long @ least 1 open).
are there differences, in terms of information, can intercept, when user navigates on different tabs or browser instances ?
is possible want, without using frameworks signalr (in i'm not expert) ?
i think going wrong way. instead of trying on client side, need doing inside update detect , prevent duplicate operation.
how go depends on how you've structured internals of application.
for example, track update operations performed user, , ensure single update operation can performed.
if user has performed update, post action can perform redirect mention doing via ajax.
whilst signalr used in way attempt prevent double update, trivial user bypass mechanism.
Comments
Post a Comment