//-----------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Probably this is a custom cookie called AnonID ....
/// </summary>
public void SetSessionRequiresHTTPs(HttpCookie seshCookie, string sessionID, bool isLocal)
{
if (isLocal == false &&
seshCookie != null &&
sessionID != null &&
MGLApplicationInterface.Instance().SessionsRequiringHTTPs != null
)
{
// only check if it exists based on the seshCookie, not the session ID
// this should catch for old sessions ...
bool existsAlready = false;
foreach (KeyValuePair <string, string> kvp in MGLApplicationInterface.Instance().SessionsRequiringHTTPs)
{
if (kvp.Key.Equals(seshCookie.Value))
{
existsAlready = true;
break;
}
}
// remove it if it exists
if (existsAlready == true)
{
MGLApplicationInterface.Instance().RemoveSessionRequiringHTTPS(sessionID);
}
// now add it
MGLApplicationInterface.Instance().SessionsRequiringHTTPs.Add(new KeyValuePair <string, string>(seshCookie.Value, sessionID));
MGLSessionInterface.Instance().UseHTTPS = true;
//Logger.Log("XXXXX SetSessionRequiresHTTPs: " + seshCookie.Value + " " + sessionID);
}
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Using the OnUnload method for performance benchmarking of pages
/// </summary>
protected override void OnUnload(EventArgs e)
{
// Performance benchmarking ...
DateTime dt2 = DateTime.Now;
TimeSpan t1 = dt2.Subtract(dt1);
string currentPageName = HttpContext.Current.Request.Url.AbsoluteUri;
int currentUserID = (Authorisation.CurrentUser != null) ? Authorisation.CurrentUser.ID : 0;
// 14-Jan-2015 - Get the IP Address
string srcIPAddress = IPAddressHelper.GetIP4OrAnyAddressFromHTTPRequest();
// 11-Mar-2016 - Sanity check - when pages crash, dt1 is not always set so is the null date, so if the difference between dt1 and dt2 is more than one day (!!), use dt2
// 16-Mar-2016 - And reset the timespan so it is sensible, otherwise the average response time queries in view page performance do not work!
// you can find the crashed pages in the db with this query: SELECT * FROM Log_PageRequests WHERE Server_Render_Speed > 63593600000000;
DateTime logTime = dt1;
if (t1.TotalMilliseconds > 86400000)
{
logTime = dt2;
t1 = new TimeSpan(0, 0, 0, 0, 50);
}
LoggerDB.LogPageRequestInDatabase(MGLSessionInterface.Instance().Config, MGLApplicationInterface.Instance().ApplicationName,
Session.SessionID, MGLSessionInterface.Instance().SessionID, currentPageName, dt2, t1.TotalMilliseconds, currentUserID, srcIPAddress);
// Logger.LogError(currentPageName + "Time to build page: " + t1.TotalMilliseconds);
base.OnUnload(e);
}
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
//Create as a static method so this can be called using
// just the class name (no object instance is required).
// It simplifies other code because it will always return
// the single instance of this class, either newly created
// or from the session
public static MGLSessionInterface Instance()
{
MGLSessionInterface seshSingleton;
if (null == System.Web.HttpContext.Current.Session[SESSION_SINGLETON])
{
//No current session object exists, use private constructor to
// create an instance, place it into the session
seshSingleton = new MGLSessionInterface();
System.Web.HttpContext.Current.Session[SESSION_SINGLETON] = seshSingleton;
}
else
{
//Retrieve the already instance that was already created
seshSingleton = (MGLSessionInterface)System.Web.HttpContext.Current.Session[SESSION_SINGLETON];
}
return(seshSingleton);
}
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>Checks whether or not the session has timed out</summary>
/// <returns></returns>
protected bool SessionTimedOut()
{
bool sessionHasTimedOut = false;
//It appears from testing that the Request and Response both share the
// same cookie collection. If I set a cookie myself in the Reponse, it is
// also immediately visible to the Request collection. This just means that
// since the ASP.Net_SessionID is set in the Session HTTPModule (which
// has already run), thatwe can't use our own code to see if the cookie was
// actually sent by the agent with the request using the collection. Check if
// the given page supports session or not (this tested as reliable indicator
// if EnableSessionState is true), should not care about a page that does
// not need session
if (Context.Session != null)
{
//Tested and the IsNewSession is more advanced then simply checking if
// a cookie is present, it does take into account a session timeout, because
// I tested a timeout and it did show as a new session
if (Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out (can't use the cookie collection because even on first
// request it already contains the cookie (request and response
// seem to share the collection)
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
{
sessionHasTimedOut = true;
// Finally - if the user is going straight back to the default page anyway, do we care that the Session has timed out?
// No it is irrelevant. Also, and more importantly - this means that we also ignore the case where a user comes to the site, does something
// then goes a way and comes back - after a day or so, it would be surprising to have the session expired notice come up
// 28-Jan-2015 - All this does is pop up a message on the default page to say that the session has expired!
// It does not change any of the other functionality with the logins / security pages ...
if (CurrentPageIsDefaultPage() == false)
{
MGLSessionInterface.Instance().SessionExpired = true;
}
}
}
}
return(sessionHasTimedOut);
}
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// 22-Mar-2016 - This method builds the html to include static resources like javascript and css files.
///
/// We want to move towards retreiving all the JS and Styles from a static resource domain e.g. static.datanirvana.org
/// To do this is fine, but we also want to be able to test using local resources, so lets setup a web config param specifying the static resource path
/// ~/ is the local path and e.g. static.datanirvana.org would be the static path
/// If an external resource we need to choose https or not depending on the current session ...
/// THe resource list will appear like this: "Scripts/jquery-1.11.3.min.js", "Scripts/Site.js", "Styles/Site.css"
/// The Scripts or Styles prefix is critical as this determines which type of resource is referenced.
/// Note that for external resources like maps.googleapi.com still DO NOT include the http / https prefix ...
/// </summary>
public static string BuildStaticResourcesHTML(Page currentPage, string[] resourceNames)
{
StringBuilder str = new StringBuilder();
if (resourceNames != null)
{
//-----a1----- declare all the variables to building these static resources to improve the readability!
string staticResourcePath = MGLApplicationInterface.Instance().StaticResourcePath;
bool minifyJS = MGLApplicationInterface.Instance().StaticJavascriptIsMinified;
string httpPrefix = (MGLSessionInterface.Instance().UseHTTPS == true) ? "https://" : "http://";
//-----a2----- 11-May-2016 - Ok so here, if the SSLError bool in the session is set, then we DONT want to use the external resources as they wont work, so reset to use the local variants
if (MGLSessionInterface.Instance().SSLError == true)
{
staticResourcePath = "~/";
int userID = (Authorisation.CurrentUser != null) ? Authorisation.CurrentUser.ID : 0;
// This may be a little verbose on some sites, but lets keep it in for now to see how often this occurs....
Logger.LogWarning("SSL configuration error detected for user " + userID + " with ipaddress " + IPAddressHelper.GetIPAddressFromHTTPRequest() + " on page '" + currentPage.Title + "'.");
}
//-----a3---- And double check if we need to add a trailing forward slash ....
string dir = (staticResourcePath.EndsWith("/") == true) ? "" : "/";
//-----a4----- 31-Mar-2016 - lets append the JSVersion to ALL static resources, so that we can try to influence clients browsers to automatically refresh after updates
// without having to visit the new DefaultFullReload page - this needs testing!!
// http://stackoverflow.com/questions/32414/how-can-i-force-clients-to-refresh-javascript-files#32427
// lets also remove the . from the version just to make 100% sure we dont confuse any legacy code that splits the file suffix on the last dot (oooops!)
string versionSuffix = "?v=" + MGLApplicationInterface.Instance().JSVersion.Replace(".", "");
//-----b----- loop through the static resources
foreach (string staticResource in resourceNames)
{
//-----c----- Get the relative path to this resource
string tempPath = httpPrefix + staticResourcePath + dir + staticResource;
// 31-Mar-2016 - special case for script files that are built dynamically and accessed from the code directory
// We dont want to get these from the remote resource location, these should always be local....
// Note that we cannot use the default path as this gets reset to the full default path - we always just want to use the simple ~/
if (staticResource.StartsWith("Code", StringComparison.CurrentCultureIgnoreCase) == true)
{
tempPath = currentPage.ResolveClientUrl("~/" + staticResource);
}
// And lets resolve the right relative URL if this is a local implementation
if (staticResourcePath.StartsWith("~"))
{
tempPath = currentPage.ResolveClientUrl(staticResourcePath + staticResource);
}
//-----d----- Build the resource tag!
// 31-Mar-2016 - also include the code prefix here so that the semi-static files for the Information and Map pages are treated in the same way with the v suffix
if (staticResource.StartsWith("Scripts", StringComparison.CurrentCultureIgnoreCase) == true ||
staticResource.StartsWith("Code", StringComparison.CurrentCultureIgnoreCase) == true)
{
//-----e----- Determine whether or not the javascript needs to be minified - if it does then convert the JS at the end to be .min.js if it has not already been set
if (minifyJS == true && tempPath.EndsWith(".min.js", StringComparison.CurrentCultureIgnoreCase) == false)
{
tempPath = tempPath.ToLower().Replace(".js", ".min.js");
}
str.Append("<script src=\"" + tempPath + versionSuffix + "\" type=\"text/javascript\"></script>");
}
else if (staticResource.StartsWith("Styles", StringComparison.CurrentCultureIgnoreCase))
{
//-----f1----- 19-Apr-2016 - we are now also minifying the CSS too - if it does then convert the css at the end to be .min.css if it has not already been set
if (minifyJS == true && tempPath.EndsWith(".min.css", StringComparison.CurrentCultureIgnoreCase) == false)
{
tempPath = tempPath.ToLower().Replace(".css", ".min.css");
}
//-----f2----- Build the styles link!
str.Append("<link href=\"" + tempPath + versionSuffix + "\" rel=\"stylesheet\" type=\"text/css\" />");
}
else
{
// Unusual / unknown static resource ... In fact, most probably an external resource! So lets not amend the staticResource string, we just prefix and dont add the ?v=
// To reiterate - DO prefix with http / https and DO NOT add the version as a parameter ...
// e.g. maps.googleapis.com/maps/api/js?key=MY_API_KEY
str.Append("<script src=\"" + httpPrefix + staticResource + "\" type=\"text/javascript\"></script>");
}
}
}
return(str.ToString());
}
