An Approach to Multiple Browser Session Detection

By Ryan at February 02, 2010 10:24
Filed Under: Development
Disclaimer: This is more academic than anything. Ideally you'd want to avoid a design that is flawed with respect to multiple sessions. Careful consideration for this, up front, should be taken to avoid needing a band-aid such as this.


I'm sure we've all worked on, or are aware of web applications (especially in the enterprise) that have tightly bound themselves to the server session. In these cases, it's possible that the session will become corrupted if more than one browser session is open and using the same server session cookie.

I've examined all of the options and found the best way to move forward would be to discourage the use of multiple browser sessions that share a server session cookie. This is only really a problem when a user executes "New Window - Ctrl+N" in IE or the equivalent of "duplicate tab" in other browsers. Essentially we end up with two active browser sessions sharing the same cookies.

So, to discourage this, as it will likely be inadvertent, some kind of warning system should be in place to prevent this behavior. Now, the underlying code should do plenty of concurrency checking to ensure data integrity, but there are some situations where issues can result from viewstate corruption.

A solution that I came to, after finding that the general answer is "it's impossible", was to rely on AJAX to send out "pings" and measure the time between them. So, we have a general rule: we "ping" at a certain interval, and if the delta between the last ping and the current ping is *less* than the ping duration, we know we have multiple active browser sessions on a single server session.

So, where Pf is ping frequency; Pc is current ping; and Pl is last ping, then we have an error when Pf > (Pc - Pl).

           p1    p2    p3    p4
TAB1 0-----|-----|-----|-----|---...
                 :     :     :
                 :  p1 :  p2 :  p3    p4
TAB2          0-----|-----|-----|-----|---...
     ^     ^     ^  ^  ^  ^  ^  ^
                  Deltas

----+---+------------
TAB | P |   Delta (Pc - Pl)
----+---+------------                 
 1  | 1 |   5
 1  | 2 |   5
 2  | 1 |   2.5 -Error
 1  | 3 |   2.5 -Error
 2  | 2 |   2.5 -Error

Now, if there is network congestion or other factors, then the delta will be greater than the frequency, ruling out false-positives.

We do have a problem if two tabs are open at the exact same moment. But, since the ping frequency is just the frequency at which the requests are made, and not a guaranteed elapsed time, we can assume that soon the two browser sessions will begin sliding out of sync.

In the example, I have the ping frequency set to every 5 seconds. If there are 100 simultaneous users then we're looking at ~20 requests/second for the ping Servlet/HttpModule. To minimize unnecessary network traffic I was thinking that the ping frequency would decay as time went on until a maximum of 20 pings/second was reached. This would amount to ~5 requests/second with 100 concurrent users. This is a trade-off, though, as it will cause a delay in detection. However, once detection occurs, the frequency resets to 5 pings/second until resolved. (These numbers are just an example; they would vary based on the environment.)

To minimize concurrency and scalability issues, the last ping timestamp for the session should be kept in the session itself. This will allow any distributed session technology to maintain the availability of the session across JVMs or app domains without our ping service needing to be aware of it.
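
The detection rule above, worked through as an added example (not code from the original post): a JavaScript simulation in which handlePing plays the server-side ping endpoint and simulate replays the two-tab timeline from the diagram. The function names, the tab object shape, seeding the last ping at session creation, and each tab scheduling its next ping Pf after the previous one reached the server are assumptions of this example.

```javascript
// Added example: constructed simulation, not code from the original post.
const PF = 5000; // ping frequency Pf in ms (the post's 5-second example)

// Server side: the ping endpoint. The last ping timestamp lives in the
// session object itself, as the post recommends.
function handlePing(session, nowMs, pf = PF) {
  const delta = nowMs - session.lastPing;   // Pc - Pl
  session.lastPing = nowMs;
  return { delta, multiple: pf > delta };   // error when Pf > (Pc - Pl)
}

// Client side, simulated: each tab sends its next ping Pf after the previous
// one reached the server, plus any extra network delay for that ping.
// tabs: [{ id, openedAt, delays: [ms, ...] }]  (hypothetical shape)
function simulate(tabs, untilMs, pf = PF) {
  const events = [];
  for (const tab of tabs) {
    let t = tab.openedAt;
    for (let n = 1; ; n++) {
      t += pf + ((tab.delays || [])[n - 1] || 0);
      if (t > untilMs) break;
      events.push({ tab: tab.id, ping: n, at: t });
    }
  }
  events.sort((a, b) => a.at - b.at);
  // Assumption: the session is created when the first tab opens, and that
  // moment seeds the last ping timestamp.
  const session = { lastPing: Math.min(...tabs.map(t => t.openedAt)) };
  return events.map(e => ({ ...e, ...handlePing(session, e.at, pf) }));
}

// Constructed timeline matching the diagram: TAB2 opens 7.5 s after TAB1.
const demo = simulate([{ id: 1, openedAt: 0 }, { id: 2, openedAt: 7500 }], 17500);
console.table(demo);
```

Because each tab waits Pf after its previous ping before sending the next, a congested single tab only ever produces deltas of Pf or more. A fixed-interval timer would not give that guarantee, since a late ping followed by an on-time one arrives less than Pf apart.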

Brainstorming: Events

By Ryan at January 20, 2010 17:28
Filed Under: Development

While working on my side project, I’ve spent a lot of time trying to work out the best design. Keep in mind that this is more of a hobby for me, so I’m not trying to rush to publish a prototype to get VC.

I’ve worked in the enterprise application development space for several years, so I’m plenty familiar with separations of concerns. I realized, however, that there’s no good solution for handling the ancillary, “can the current user do X” and “if the current user does X, then do Y”. I’ve addressed this issue a number of ways in the past, none of which was particularly elegant. For instance, I’ve used AOP for cross-cutting concerns, but I found it too hard to test and not quite explicit enough.

So, I realized that these “meta-domain” concerns really aren’t concerns for the domain objects themselves. For instance, the User entity doesn’t care if a link is displayed on the user profile page based on security. In this case we could have a security manager that deals with this, but what if this decision isn’t just based on security, but also user reputation, user history and user profile settings? Do I suddenly need to couple my view-model to all of these managers/services? Do I have to have all of these redundant dependencies for every page? What if I forget one? How do I easily test what will happen?

These are all questions that I felt lacked a good answer. As a response, I created a library that is capable of registering “events” and “event” handlers. These aren’t traditional events, but more like “domain events” in that their scope is the entire domain.

Now, sure, there are other ways of accomplishing this, but my particular set of requirements calls for multiple actions to take place when certain events are fired. I also need to know if I can execute a given event, which makes them more than just fire-and-forget.

I had several requirements for my design: it had to be easy to use and understand, it had to play well with an IoC container, it had to be testable and it had to be as type-safe as possible. What I came up with seems to have accomplished all of these, though I haven’t put it to use just yet.

Here’s a snippet from one of the tests that illustrates one of the use cases. The AddNew method is defined on the IMockEventHandler interface. This returns a ValidationResult indicating whether or not the AddNew event can be called in the given MockContext based on all IMockEventHandler objects.

    var result = eventManager.For<IMockEventHandler>()
                             .In( new MockContext() )
                             .Where( x => x.GetType().FullName.Contains( "Mock" ) )
                             .Where( x => x.EventSourceType == null )
                             .Validate( x => x.AddNew( "s" ) );

Typically the Where criteria won’t exist, they’re just there for flexibility.

So from the code snippet you can see some of the opportunities it presents. Say I have the following:
    public interface IOrder {
        void ShipOrder( string orderNumber );
    }

    public interface IOrderEventHandler {
        HandlerResult ShipOrder( string orderNumber );
    }

I expect to call something like this:
    var result = eventManager.For<IOrderEventHandler>()
                             .In( currentContext )
                             .TryExecute( x => x.ShipOrder( orderNumber ), exec => {
                                currentOrder.ShipOrder( orderNumber );
                             });

This will execute the given code if, and only if, the HandlerResult of the ShipOrder event handler returns HandlerResult.Success. The variable, result, will hold the HandlerResult so I can take action based on the result (throw an exception, rollback a transaction, etc.)

Now, from the UI perspective, we can have a special UI event handler:
    public interface IOrderUIEventHandler {
        HandlerResult DisplayDelete();
    }

In the backing model, I can lazy load the permissions:
    // _displayDelete is a bool? backing field; null means "not evaluated yet".
    public bool CanDisplayDelete {
       get {
          if( _displayDelete == null ) {
             // Default to hidden; only an explicit Success shows the delete link.
             _displayDelete = false;
             var result = eventManager.For<IOrderUIEventHandler>()
                                      .In( currentContext )
                                      .Validate( x => x.DisplayDelete() );

             if( result == HandlerResult.Success ) {
                _displayDelete = true;
             }
          }
          return _displayDelete.Value;
       }
    }

The key, of course, is for the event manager to be extremely fast. I have tuned the hell out of it from a library perspective, but until I get it in a real application, I don’t have much to go on, but I expect the performance to be negligible. The only area where I need to be cautious is in the design of the event handlers themselves.

I also expect to fine-tune the syntax as it's a little "wordy" for me. I expect that I should be able to optimize the syntax down to a single-line evaluation:
    eventManager.Validate( x => x.DisplayDelete() );

As I said, once I start using it, I'll be more apt to tune it.

EDIT: To be clear, this design is meant to address a particular problem: there may be a lot of entities interested in particular events and the decisions made may require input from multiple sources. This is not meant to delegate all functionality or business logic to event handlers.

Current Progress and The Epiphany

By Ryan at December 03, 2009 11:09
Filed Under: Development

It's been about two and a half weeks since my last post.  My project is coming along nicely; I've written a total of about 100 lines of code.  I've spent at least an hour, every day, working on some aspect of the site.  I guess my point is to illustrate how much planning needs to occur before you even write a single line of code.

I think of every application as the creation of building blocks for my next application.  Given this, I tend to labor over the details to ensure that I'm creating a solid framework and not just a one-off web site. While I'd agree with anyone that labeled me as neurotic or obsessive-compulsive, I think this kind of mentality bodes well for a programmer.  

I see programming as a craft, and, as such, I'm always looking for ways to better myself.  In an effort to "future-proof" my design, I'm forced to bring in new technologies and push myself out of my comfort zone (though I'm never really comfortable stagnating.)


One example of this is my epiphany with regards to test-driven development (TDD) (or behavior-driven development.)  See, I find myself stuck in traffic for at least an hour every night.  During this time, my radio is either off or playing a programming-related podcast.  As of late, I've listened to all my podcasts, so it's just me, the road, and my thoughts (and thousands of other motorists).

So, as I'm working through a particular aspect of the framework of my application in my head, it suddenly clicks: this is a perfect place for TDD.  You see, my mind kept wanting to traverse the tree of functionality all the way to the leaf nodes, but right now I only really need to set the stage/build the trunk for those nodes.  I was spending all of my brain power trying to decide how to flesh out the entire design, when I had a solid starting point that could/should be the focus right now.

When following the single-responsibility and open-closed principles TDD is just a perfect fit.  You can create your "trunk" and then mock out all of the nodes.  You create the nodes later and test them independently.  Suddenly, it all made sense.

You see, prior to now, my development workflow was never compatible with the TDD workflow.  I was always trying to make sure I had all my nodes in good order, then put the trunk together (or some amalgamation of that.)  While I've always fully embraced unit testing, I never bought into the test-first pattern.  But, it occurred to me, that it's not "test-first" it's more "behavior-first" or "foundation-first."

This epiphany would have never struck me if I hadn't spent the last couple of weeks writing some test code and trying out Moq for the first time.  Once I started to see what these tools offered, I realized the development friction would actually be lessened by viewing the application's development with a TDD bent.  Then, with enough mind-numbing focus during my time in traffic, all of the puzzle pieces fell into place.

I have to say, this new perspective has added a new level of excitement to my development; it's empowering.

With that, I've settled on a tech stack:

  • MS Windows Server 2008 R2
  • MS SqlServer 2008
  • ASP.NET MVC 2 (beta for now)
  • nHibernate
  • Fluent nHibernate
  • Moq
  • MS Testing Framework (I like the integration with the IDE)

Now, my choice to use nHibernate is the topic of another discussion.  I have always been firmly against OR/Ms, but nHibernate impressed me so much that I decided I couldn't go wrong - as long as I take the time to understand how nHibernate is expected to be used.

I will say that I started down the LINQ path with great enthusiasm, but it really had all of the bad elements of an ORM and none of the good.  I can't live in a world without POCOs, sorry.  I will not "work around" any library - they are supposed to help make things easier, not bleed their abstraction all over your code. *stepping off my soapbox*

Perhaps I'll go into my decision to use nHibernate after I get some hours behind the wheel so I can reflect on my decision.

Display Placeholder

By Ryan at October 21, 2009 10:55
Filed Under: Development

Whilst playing with MVC 2, I came upon the need to display an element that I could later replace as the result of an AJAX callback.  Starting with the DisplayFor<> HtmlHelper extension, I found that it simply outputs the given value as a string, with no way to later replace it.  I could create a custom display template, but I wanted more fine-grained control.

So, I decided that I needed some way to create a display element wrapped in a <span> tag.  With a <span> tag and an id, I would be able to display the model-bound data, but later replace it as the result of an AJAX callback.

This is what I came up with:

    /// <summary>
    /// Creates a placeholder element displaying the value given by <paramref name="display"/>.
    /// </summary>
    /// <typeparam name="TModel">The type of the model.</typeparam>
    /// <typeparam name="TValue">The type of the value.</typeparam>
    /// <param name="html">The HtmlHelper being extended.</param>
    /// <param name="display">The property from the model to display.</param>
    /// <returns>An <see cref="MvcHtmlString"/> containing the display value wrapped in a &lt;span&gt; tag</returns>
    public static MvcHtmlString PlaceholderFor<TModel, TValue>( this HtmlHelper<TModel> html, Expression<Func<TModel, TValue>> display ) {

       return PlaceholderFor( html, display, null );
    }

    /// <summary>
    /// Creates a placeholder element displaying the value given by <paramref name="display"/>.
    /// </summary>
    /// <typeparam name="TModel">The type of the model.</typeparam>
    /// <typeparam name="TValue">The type of the value.</typeparam>
    /// <param name="html">The HtmlHelper being extended.</param>
    /// <param name="display">The property from the model to display.</param>
    /// <param name="htmlAttributes">The HTML attributes.</param>
    /// <returns>An <see cref="MvcHtmlString"/> containing the display value wrapped in a &lt;span&gt; tag</returns>
    public static MvcHtmlString PlaceholderFor<TModel, TValue>( this HtmlHelper<TModel> html, Expression<Func<TModel, TValue>> display, IDictionary<string, object> htmlAttributes ) {

       ModelMetadata metaData = ModelMetadata.FromLambdaExpression( display, html.ViewData );
       TagBuilder tag = new TagBuilder( "span" );
       tag.GenerateId( metaData.PropertyName );
       if( htmlAttributes != null ) {
          // MergeAttributes does not replace existing attributes, so the generated id
          // is kept even if the caller passes its own "id".
          tag.MergeAttributes( htmlAttributes );
       }
       // SetInnerText HTML-encodes the value, so model data is rendered as text, not markup.
       tag.SetInnerText( Convert.ToString( metaData.Model, CultureInfo.CurrentCulture ) );
       return MvcHtmlString.Create( tag.ToString( TagRenderMode.Normal ) );
    }

ASP.NET WebForms vs MVC

By Ryan at October 06, 2009 08:23
Filed Under: Development

This is from an email that I sent out trying to elaborate on why I chose MVC over WebForms for my latest side project.

I wanted to come back to the discussion we had yesterday about the differences between MVC and WebForms.  I don't dislike WebForms, they have their place, I just feel that they are more suited to a form-centric, "business application"-type web application.  I suppose this is because WebForms do a good job of collecting data in a simple way; public websites need to provide a more rich user experience (to meet current user expectations) that seems to be difficult to achieve out-of-the-box with WebForms.

I see WebForms as a component-based model, where MVC is an object-oriented model.  As such, we've seen the ViewState in WebForms require lots of work-arounds in the [our legacy code], for example, because as soon as you try to combine the object-oriented world with the component/event-driven world, there's a mismatch.

Now, as I see it, the decision to use MVC will mean that we lose

  • Drag-and-drop page construction
    • As we've seen, you lose that pretty fast as soon as you do anything half-complicated. 
  • ViewState, but, as we've seen, this has caused problems and required work-arounds in the past.
    • We don't lose statefulness, just the viewstate and the goofy generated IDs
  • Solid componentization
    • There are components and reusable UI elements in MVC, but not as solid as WebForms
  • The abstraction of HTML and CSS
    • Sorry, you'll need to know HTML and CSS, but I'd argue that you SHOULD know HTML and CSS if you want to call yourself a web developer (unless you only want to ever work with webforms, only in .NET - why would you limit yourself?)


On the flip-side, we'll gain:

  • More consistent object-oriented development
    • Better testability (find a bug, fix it once, and have a test to make sure it never shows up again, BDD)
    • Better decoupling/separation of concerns
  • More control over presentation
    • More granular control over markup
    • Better statefulness (using client-side javascript and AJAX)
  • More marketable skills
    • Knowledge of another Microsoft framework
    • Better knowledge of what good HTML looks like
    • Better understanding of CSS
    • Better understanding of the DOM
    • Better understanding of cross-browser compatibility
    • Better knowledge of how HTTP actually works ;)

Lastly, since you've made me do it, remember those Telerik controls that we used for [the last revision of our .NET app]?  Yeah, they'd work with MVC too:

http://www.telerik.com/products/aspnet-ajax.aspx

Microsoft ASP.NET MVC - ready
With RadControls you no longer have to stick with simplistic UIs in your MVC Views. Telerik UI controls support Microsoft MVC and allow you to combine the testability and separation of concerns of the emerging technology with the richness of traditional ASP.NET server controls. See demo or visit our MVC Forums

Hopefully this has convinced any skeptics that the decision to use ASP.NET MVC is a good one.

Building a New Site

By Ryan at October 05, 2009 21:00
Filed Under: Development

I'm working on building a new website in my spare time.  I've decided to use this opportunity to play with ASP.NET MVC.  I put together a long list of pros and cons for ASP.NET WebForms versus MVC; perhaps I'll post it.

Anyway, when I started laying the groundwork, I went with the RTM version of MVC (v.1), but I was so compelled by the upcoming features of v2 that I decided it makes sense to throw caution to the wind and lay down the UI framework with it.

I haven't had a chance to really dig into the MVC framework; thus far it's been all backend code.  Every now and again, you've got to start an application from scratch to make sure you're keeping your skillset fresh.  The hardest part of being a developer is creating something from scratch.  After the initial creation, it's just a matter of plugging in functionality and fixing bugs.

I will try to treat the blog like a journal for my adventures with MVC, and any website launches that may, or may not, be on the horizon.

About Me

I'm a software developer currently employed by Pearson (PSO/PSON)* where I work with, my passion, .NET.  I have (close to) two decades of programming experience and I'm constantly trying to learn new languages, technologies, practices, etc.

 

Disclaimer

* Emerle.net is owned and operated by Ryan Emerle. The views expressed on this blog are his personal opinion and do not necessarily reflect the views of his employer or clients.

The same holds true for comments posted to Emerle.net; they are the comment posters' personal opinion and do not necessarily reflect Ryan Emerle's views or the views of Ryan's employer or clients.