Request to test our asp.net web app

[nemaroller]

Well, two of us here at our small software company have spent the last four months developing a web application for prospective clients, and we are getting to the point where we want to have others (especially fellow developers) to comment on a few things.

First, this is a Report Incident documenting application. Basically, security forces use it to reports incidents of assault, theft, suspicious behavior, fires, etc...

Here is the address:
http://69.128.23.252/Myxolydian/


The user login is asdf, password is also asdf.

The software allows employees of a security firm or organzation (be it casinos, hotels, corporate retail security) to log security - related incidents.

Bear in mind, the web server we have it deployed at is a lowly Win2k server on a PIII ~700 mhz /512meg of ram using a half T1 connection.

The web app is test against only IE5 + right now (none of our clients have had issues with that!) although mozilla compatibility is something we will address down the road.

Anyway, some comments as far as:

Usability

Security (we don't have SSL enabled on the server right now)

Performance


Its a junk server, but please refrain from obsceneties in the reports, because depending on the timeframe for first demo, we may simply reuse the junk data we have out there.

Thank you.

[plenderj]

Wow. Very Cool!

One thing - if you change part of what looks like your session string in the URL you get an error.

[nemaroller]

Thank you plenderj, coming from you, that means alot.

Its based on cookie-less sessions, so it has to pass the session id in the url... users will be trained to never manipulate the url for that purpose.

We have wondered whether we would try launching most of the site chromeless.

In any event, we aren't catching many errors yet, just so we know where the errors are actually occuring.

[hellswraith]

The toolbar on the left side is way to slow. As a user, I would first be impressed because it was annimated, but then after using the system for a while I would grow to hate it. Just think about your users. They will be getting ready to go home, have to log on to do a few things before they can go home, and they have to put up with that slow navigation bar. They are just going to get mad about it. Can you speed it up?

Other than that, I really like it. It seems you have done a great clean design of your application.

One other thing, when you are at the main screen, and you click help, I get a you requested help with item 0.

[nemaroller]

Thanks for that hellwraith....

We have redeployed the project with a higher speed step in the menu.

If you could retry it and see if it made a difference, i would thank you for that.

Our boss had actually complained about that on his machine, but we use p4 3ghz machines for development, so we didn't really have a slowdown on our machines.

As far as the help, yes, I am still wrapping my head around how best to present the help system. I use the helpid as a parameter for which help the user requested.

[hellswraith]

Yes, it is better.

[tal_mcmahon]

Thanks all for the comments,

As you all know it is difficult to look at something you have built with objective eyes. your comments are greatly appreciated

[ARPRINCE]

I logged in was redirected to main page. I then closed my browser (using the "X") and tried to get back in and I get this error:

Code:

Server Error in '/Myxolydian' Application.
--------------------------------------------------------------------------------

Procedure 'MainPageLoad' expects parameter '@fk_User', which was not supplied. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Data.SqlClient.SqlException: Procedure 'MainPageLoad' expects parameter '@fk_User', which was not supplied.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 


[SqlException: Procedure 'MainPageLoad' expects parameter '@fk_User', which was not supplied.]
   System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream) +723
   System.Data.SqlClient.SqlCommand.ExecuteReader() +41
   CESIReportExec.homepage.Page_Load(Object sender, EventArgs e) +366
   System.Web.UI.Control.OnLoad(EventArgs e) +67
   System.Web.UI.Control.LoadRecursive() +35
   System.Web.UI.Page.ProcessRequestMain() +731

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

[tal_mcmahon]

Hi,

I knew someone would find that one. We have been chasing that for a while. It seems to be a problem with the session variable cached by your browser.
If you Close the browser then restart it is fine.
We are working on it.

Thanks for the salt in the wound.


Please feel free to Keep Commenting

[nemaroller]

Actually I have it nailed.

The problem stems from how I am handle session state and authentication.

When the user first requests a page from the site, an authenitcation ticket (cookie) is made and appended to each further request and response to that client.

Therefore, if you close your browser, you effectively lose your authentication ticket since I use cookieless authentication. (well, its a cookie, but it doesn't persist anywhere except in the response/requests).

Once you are authenticated, the app looks up your user associated data and assigns them to session state, which gets stored in a temp database in a SQL server.

Now, the problem of course is, if for some reason you're session gets deleted off the database, you have no session values, but you are still authenticated because your browser is still open.

What I probably need to do is store the user data (there are only 3 fields of data per user), inside each of their authentication tickets, and forgo the session state all together.
The optimal solution is still grabbing the session values on session_start if the user already has an authenticated ticket.

[ARPRINCE]

Code:

Procedure 'MainPageLoad' expects parameter '@fk_User', which was not supplied.

I hope this parameter does not show how you feel about the users of your system.

[nemaroller]

Lol.. it stands for Foreign Key.... not the other thing you were thinking of, maybe...