Results 1 to 4 of 4

Thread: [2005]

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Dec 2006
    Location
    Between Try & Catch
    Posts
    249

    [2005]

    Hi all,

    I am currently developing an internal application that will allow users to apply for a company credit card. I am trying my hardest to prevent a user from submitting more than one application.

    One thing I did is that, if the user reaches the confirmation page, and tries to click the Back button on the browser, the javascript in the card application page will simply go forward one page.

    I also perform a check in the Page_Load event that checks to make sure a user does not already have an application on file before I load the rest of the form. The caveat here is that if someone copies the url as they are one the card application page, submits an app, then immediately pastes the link back in the browser, it will let them fill out another. This is because the Page_Load event doesn't fire. So to remedy this, I added a couple of lines of code (will provide for those interested) in the Page_Load event that will ensure the Page_Load is called each time the form is requested.

    The final thing I would like to accomplish is this. I want to make sure that a user cannot open two seperate windows and submit two applications. In fact, I would like to make it where the user cannot login to the application at all if they already have the app open.

    Is there a check I can perform, maybe in the Page_Load event, that will be able to see if the user already has the app open?

    I would also like to add, just about everyone will be using IE6, so I don't necessarily HAVE to worry about multiple tabs within the same browser, but if someone knows how to block that as well, I'd implement it anyway.
    If my post helped you, please rate it!

    Languages: VB/ASP.NET 2005, C# 2008,VB6
    Databases: Oracle (knowledge not currently in use), DB2

    FROM Customers
    WHERE We_Know_What_We_Want <> DB.Null
    SELECT *
    0 rows returned

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005]

    Question - you said this is an internal application. Doesn't this mean that all the users have a windows login for the domain? This in turn means that each user will have a User.Identity.Name available (if you use Windows Authentication) which in turn is unique, isn't it? So I suppose the main question is - why not just restrict the user to one per windows ID and in the page load, simply check whether they've applied already or not and if they have, just show a 'sorry, already applied' message, else show the application form.

    Even in the database, when the data is being submitted, do a check to see if that username has a row in the applications table and do nothing or return a message if that is the case.

    I say this because you can't know for sure if the user has a single window open or multiple windows of the same page open.

  3. #3

    Thread Starter
    Addicted Member
    Join Date
    Dec 2006
    Location
    Between Try & Catch
    Posts
    249

    Re: [2005]

    That's the answer I expected, but didn't want to hear.

    I already perform a check to make sure the user doesn't have an active application, before I even load the credit card application. I'm not performing the check in the function where I do the actual insert though (I do it on the button click), so that's something I may look into.

    The main problem I'm probably going to have is response time. If a user has two windows open, and fills out two apps, and clicks submit on both within a second of each other, there is no way the insert will finish committing on one transaction in time to stop the other from going through as well. This is because each insert statement utilizes a transaction object (three tables have to have rows inserted into them). And only after the insert is successful to all three tables, the data will be committed to the tables. This makes it virtually impossible to keep someone from submitting two apps with two windows open (as long as they click submit on each one fast enough), which is why I was asking if there was a way to just keep the user from logging on to the app if they already had it open in another window. I know how to do it with Windows Forms, just was hoping there was a similar solution for web.

    The problem with the user.identity.name is that the site is run from a webfarm, but we are getting the userid from a header on a different page (the page that SHOULD be directing them to the app login page). Also, even if they have submitted an application, they will land on a UserHome page that will show them the status of any application(s) they have submitted. The only way to lock them out from the app would be to make sure they don't have an active card from this particular vendor, but I'm checking that on the login anyway (they can't login if they already have a card from the new company).

    I just want to make sure I'm doing all I can for this app. I have my one-year eval coming up this month and I want to use this application as a point of negotiation for a full raise.
    If my post helped you, please rate it!

    Languages: VB/ASP.NET 2005, C# 2008,VB6
    Databases: Oracle (knowledge not currently in use), DB2

    FROM Customers
    WHERE We_Know_What_We_Want <> DB.Null
    SELECT *
    0 rows returned

  4. #4
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005]

    Put the transaction inside your stored procedure with locks on the rows. That in conjunction with a check for existing rows against the username should get the first transaction go through and the second one to fail.

    I haven't fully understood the problem with the user.identity.name solution, it should still be available if in a webfarm, since you'll have Windows Authentication on. Perhaps you could use the email address @yourcompany.com, assuming everyone in the company has the same email domain.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width