C# - want to use a cookie to limit the time a user get to run a webfunction.

Question

3.00/5 (1 vote)

See more:

I need to find a way to limit my client’s time interval to run a certain web call function.

I wanted to use sever variables but this will not work as there is multiple clients and not running the call at the same time or interval.

So I want to use Cookies or any other way.

The call looks like this:

http://server/javaweb.aspx?getdownload=USERNMAME,PASSWORD&retry=1 (where 0 is new data for last hour and 1 is retry to give last result again)

So now some of the clients setup the call to run every 1 min.. I need to block them to at least every 10 min.

what will be the best way to do this use cookies or server variables please advise

Posted 4-Oct-11 19:49pm

Blaasie

Updated 5-Oct-11 3:01am

Anuja Pawar Indore

v3

Add a Solution

Comments

Tejas Vaishnav 5-Oct-11 3:14am

You said you want to use a cookie and not to use a server variable..
so what happens when client first call method of downloading then and after this he/she cleans his/her cookie and again call that downloading method..

Blaasie 5-Oct-11 3:56am

that will be a problem yes but as I am new to this I would like for the experts to advise me // should I use cookies or do I go the server variable way.

If I sound like I dont know well its because I am quite confused at the moment and need some assistance or a good slap on the backside for not being brite to see the solution.

kennytan_ph 5-Oct-11 7:39am

I think it would be better if you just use Session variable. Store the time in a session variable on the first call. Then compare it with the current time on the succeeding calls.

3 solutions

Solution 1

Use a Session variable e.g.

C#

//declare a new session variable
Session[ "lastrequest" ] = DateTime.Now;

//using the above session
DateTime d1 = ( DateTime )Session[ "lastrequest" ];
DateTime d2 = DateTime.Now;
TimeSpan ts = d2 - d1;

if( ts.TotalMinutes < 10 )
{
    //Continue with request
}
else
{
   //Block request
}

Hope that helps,
Morgs

Posted 5-Oct-11 2:32am

Morgs Morgan

Comments

kennytan_ph 5-Oct-11 8:59am

I would like to add the following check so that the session variable will not keep on resetting every time a call is made.

//declare a new session variable
if (Session["lastrequest"] == null)
Session[ "lastrequest" ] = DateTime.Now;

Morgs Morgan 5-Oct-11 10:14am

A session never resets until it's lifetime is finished not when "a call is made". But yes, you have to check if the session still exists prior to using it. And keep in mind, everytime you build your project/solution, all session variables are cleared by asp.net.

BobJanova 5-Oct-11 11:47am

I think that the question wants to limit calls to at most 1 in 10 minutes, so the if test is backwards, though that is not really clear. Good answer though.

Solution 2

Further to Morgs's answer (which gives you a good technical solution): you absolutely must implement something like this server side. Anything on the client side (basically you only have access to cookies, the URL and hidden fields) can be cleared or modified by a knowledgable user and shouldn't be relied on for anything other than cosmetic user settings (for example themes, time zone, menu configuration etc) where it doesn't matter if the user overwrites them.

Session variables (on the server side) persist for an entire session. This is the best way to control access within one browsing session, or for a site which does not have a login/user system. However, the user can generally still bypass server session restrictions by starting a new session – starting a different browser or clearing the session cookie. The session is a better place to put control than client-side cookies, because the user can't modify them, but they can still clear their session and start a new one fairly easily.

If this is a site which has user control (i.e. a login page or an authentication method to a web service), you should store this type of information against the user. If you maintain your own users table, you can simply add a column for the last time they ran this function; I think you can add custom information to the ASPX users as well, but I don't know how.

Posted 5-Oct-11 5:53am

BobJanova

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Blaasie · Accepted Answer · 2011-10-05T20:03:00

Hi there and thankyou for all the input so far.

I have don the below and it does:
1 x request where session time = 0 ( thus the user can do the call and get a responce.).
the should he request it again with the same session the it will tell him to do it again in 10 min.

if (Session["lastrequest"] == null)
     Session["lastrequest"] = DateTime.Now;
     DateTime d1 = (DateTime)Session["lastrequest"];
     DateTime d2 = DateTime.Now;
     TimeSpan ts = d2 - d1;
 if (ts.TotalMinutes == 0)
 {
 Response.Write(Dogetdownload(Request.QueryString["getdownload"]));
 }
 else
 {
     Response.Write(" Wait 10 Min and open a new session.");
 }

Tested and working well.

But this does not stop the user from opening a new session and do it all again.

Now I need to find a way to limit the user from accessing the system for 10 min after his last request.

The user will do the call:

http://website/javaweb.aspx?getdownload=Username,Password&retry=( 0 or 1 )

0 for new data and 1 for previous requesterd data.

On my search I have come to the conclusion that I will have to set a sever vairiable to set this using a set username / password.

Any sugestions on how to do this not using browser sessions and or any enries to a database ?