Do you see some errors on here? Problem with Session RRS feed

  • Question


    I have one database (mssql) with two tables (for example).

    --Table 1: 
    USERS (fields: Username, Password, UserID) 
    -- for example, in this table are stored two users
    --Table 2: 
    DATAS (fields: DataID, etc, etc, DataLock)

    When user start editing some record from tbl DATAS, then field DataLock = UserID... otherwise DataLock=0 (when is 0(zero) then record is unlocked).
    If other user try to edit same record, app first perform checking is record is locked (is DataLock=0).


    <sessionState mode="StateServer" stateConnectionString="tcpip=" cookieless="true" timeout="120" regenerateExpiredSessionId="true" />

    module1.bas :

    Dim conn As SqlConnectionDim cmd As SqlCommandDim tds As SqlDataReader

    When user login I use :
    login.aspx :

    OpenDB() 'function stored in module for opening database
    cmd = New SqlCommand("SELECT * FROM Users WHERE Username='" + txtUsername.Text + "' AND Password='" + txtPassword.Text + "';", conn)
    tds = cmd.ExecuteReader
    If tds.HasRows = True Then
        Session.Add(Session.SessionID + "UserID") = tds("UserID")
        'inform about incorrect username and password
    End If 
    CloseDB() 'function stored in module for closing and disposing tds, cmd and connResponse.Redirect("sho

    For listing datas I use GridView, but what I doing see below :
    showdatas.aspx :

    Private Sub GridView1_SelectedIndexChanging(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.GridViewSelectEventArgs) Handles GridView1.SelectedIndexChanging
        Session(Session.SessionID + "DataID") =  CLng(GridView1.Rows(e.NewSelectedIndex).Cells(1).Text) 
        'in column #1 are stored DataID record using RowDataBound
    End Sub

    Private Sub btnEdit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnEdit.Click OpendDB()

    cmd = New SqlCommand("SELECT * FROM Datas WHERE DataID=" + Session(Session.SessionID + "DataID").ToString + ";", conn) tds = cmd.ExecuteReader Session.Add(Session.SessionID + "IsLocked") = False If tds("DataLock") > 0 Then Session(Session.SessionID + "IsLocked") = True CloseDB() If Session(Session.SessionID + "IsLocked") = True Then MessageBoxWindow("Selected record is locked by other user.") 'this sub is stored in module, javascript window, like alter Else 'locking record OpenDB()

    cmd = New SqlCommand("UPDATE Datas SET DataLock=" + Session(Session.SessionID + "UserID").ToString + " WHERE DataID=" + Session(Session.SessionID + "DataID").ToString + ";", conn) cmd.ExecuteNoneQuery

    CloseDB() 'start editing Response.Redirect("editdata.aspx") End If End Sub

    Problem is manifested while opening editdata.aspx.
    If User1 first trigger btnEdit button - editdata.aspx is opened and editing is started...

    If User2 try to open he will be informed by MessageBoxWindow : record is locked.
    But problem is if User2 first trigger btnEdit button; record is unlocked; performing locking record and redirect to editdata.aspx...

    after that, User1 trigger btnEdit button; record is LOCKED!!, but webapp redirect to editdata.aspx.
    And, then I have problem - both user (even when btnEdit button is triggered in different times by those two users) had opened editdata.aspx.

    I don't know, but User1 always can open any record, no mater is that record is locked or not... And that is huge problem, User1 is never informed about locked records and always is able to open and edit record no mater is selected record already locked.

    How to solve this problem ?
    How to avoid opening selected record by other users is that record is locked.

    Is problem somewhere about using Session, i just don't know, so, please, help if you people know how.

    Monday, January 21, 2013 6:39 PM