Locking Users Out of a Web Process

I had a client that wanted to only allow one user to maintain an order record at any given time. When a user is in an order we will set a field to the user that is using the order so we can tell anybody being locked out who currently has the lock. For some applications it is fine to simply set this lock in one location where the user enters the order and unset the lock in another location when finishing the order. Similarly to WebSmart’s Change Management, we know this can often result in orphaned locks over time if the browser is ended abnormally. In this case even the simple act of the user closing the browser will not trigger the unlock.

Not only does the client not want orphaned locks if the browser is closed but in the future the order process will be entered from multiple places and exited from multiple places. Also, the order process contains many pages. Because of these factors I decided it best to add a JavaScript file to each page considered a part of the order process that would lock the order onload and unlock the record on every unload.

There is one gotcha with this approach though. For some reason in Chrome right now the “unload” event is not working for this code. Because of this we need to use ‘window.onbeforeunload’ instead.

Here’s the JavaScript code mentioned in this article: (note that data such as order number are stored in smurfs)

xl_AttachEvent(window, “load”, WindowLock);
//xl_AttachEvent(window, “unload”, WindowUnlock);
window.onbeforeunload = WindowUnlock;

function WindowLock()
{
// Lock this order if an order number exists
$.ajax({
url: “ts_ordlock.pgm”,
type: “POST”,
data: “task=lock”,
success: function(){
}
});
}

function WindowUnlock()
{
// Unlock this order if an order number exists
$.ajax({
url: “ts_ordlock.pgm”,
type: “POST”,
data: “task=unlock”,
async: false,
success: function(){
}
});
}

3 thoughts on “Locking Users Out of a Web Process

  1. Jyoti Raj

    Do you have a working example of this ?? What would happen when the user is locked out ?? grayed out input box ?? What sort of code is execute with the PML code in Task – Lock and Unlock ??

    Thanks
    Jyoti

  2. Thomas Howe Post author

    For this particular client the locking out of a second user was not essential to the security of the application, it is just meant as a warning to a second user so they know to communicate with the locking user to make sure they are done. When the second user goes to open a locked order they will be prompted with a JQuery UI dialog box that informs them that the record is locked by user “BLAH”. They can then choose to back out or continue into the order which in turn makes them the one locking it. This is very similar to WebSmart Change Management when you reset a definition to available except less clicks.

    The code in the article is still vulnerable to orphaned locks if the PC crashes for example.

    The lock/unlock PML code is just setting a field in the order header file to say what user is locking the order (blank is no lock):
    func lock()
    {
    sqlexec(“UPDATE ORDERHDR SET OHLCKUSR = :OHLCKUSR WHERE OHORD# = :OHORD# with NC”);
    }

    func unlock()
    {
    sqlexec(“UPDATE ORDERHDR SET OHLCKUSR = ” WHERE OHORD# = :OHORD# with NC”);
    }

    Here’s the JavaScript for when we need to check for the lock and output the dialog:

    $.ajax({
    url: “ts_ordlock.pgm”,
    type: “POST”,
    data: “task=checklock&ordershow=” + ordershow + “&ordernum=” + ordernum,
    success: function(lockedBy){
    if ( lockedBy == “” )
    {
    window.location = “ts_custord.pgm?task=goEditOrder&order=” + ordernum;
    }
    else
    {
    confirmDialog({
    title : “Open Order?”,
    html: “This order is currently opened by: ” + lockedBy + “. Would you still like to open it?”,
    confirmButtonText : “Yes”,
    onConfirm : function() {
    window.location = “ts_custord.pgm?task=goEditOrder&order=” + ordernum;
    }
    });
    }
    }
    });

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>