More Redmond Developer Network Sites >>> RedDevNews.com | ADTmag.com | Events
Close

Practical ASP.NET

Never Lock Records in Web Applications! Never! That Means You!

Seriously, don't. Here are two reasons why record locking is simply a bad idea.

Here's a negative column for you, all about something you should never, never do in an ASP.NET application: Lock records when retrieving records in order to resolve data contention.

My clients often worry about data contention. The scenario they have in mind goes something like this:

  • Sue retrieves a Customer record at 9:00 and makes a change to the CustomerName field.
  • Lou retrieves the same record at 9:01 and changes the CustomerCredit field.
  • Sue clicks her submit button and updates the record at 9:02.
  • Lou clicks his submit button and updates the record at 9:03.

At this point, the ASP.NET DataSources create a problem by updating every field in the record. Because of that default behavior, Lou's update at 9:03 overwrites Sue's change to the CustomerName field saved at 9:02 by using the original data Lou retrieved at 9:01. This is bad. My clients usually suggest that we solve the problem by "locking records when someone retrieves them." This is worse.

It's not an accident that ADO.NET doesn't include any native commands to support record locking: You don't want to lock records in your database, especially in an ASP.NET application.

Record Locking Is Evil: Reason No. 1
The first reason that you don't want to lock records is because it generates extra work for you. Start by thinking about the process for when data is retrieved in an ASP.NET application: The user's request hits your site, your code retrieves the requested record, you embed its data into the WebForm and then send the page down to the user.

Now what happens? The user looks at the screen deciding what to do and the record remains locked. The user may, eventually, decide to do nothing and just hit the submit button -- your record locking was unnecessary and, in addition, you must add code to your page to release the lock.

Or the user may select a choice from one of your menus and navigate to another page on your site. Since the current page's code isn't called when a menu choice (or any hyperlink) is selected, you'll have to set up some system to check for locked records on previous pages and release them.

Alternatively, the user may shut down their browser or wander off to some other site. In either of these cases, no code on your site will execute and the record will stay locked forever. To handle this, you'll need some system that sweeps through your database looking for records that have been locked for "too long" and release them.

So, unless you're being paid by the hour, you want to avoid record locking just because it creates more work for you.

Record Locking Is Evil: Reason No. 2
The second reason that you don't want to lock records is because it reduces the scalability of your application.

There are two reasons for this. First, as more users access your application, the more likely it is that two users will attempt to access the same record. If the first user on the scene has locked the record, then the second user will either have their code idle while waiting for the lock to be released (soaking up resources on the server) or will simply be told that he can't have the requested record.

Either way, your application is supporting fewer users than if you just sent the data to the second user. And remember, a lot of the time, when you lock a record, the user doesn't change anything and you've annoyed the other users for no reason.

The second way that record locking reduces scalability is simpler: Record locking is hard on the database server. Once you start locking records you'll find that just about all of your performance measures get worse even if the number of users doesn't increase.

When it comes to record locking, just say "No."

What Not To Do
But as I noted at the start, because the ASP.NET DataSources update every field in a record, you do need to handle record contention. There are two solutions which I've discussed here and here .

About the Author

Peter Vogel is a principal in PH&V Information Services, specializing in ASP.NET development with expertise in SOA, XML, database, and user interface design. His most recent book ("rtfm*") is on writing effective user manuals, and his blog on technical writing can be found at rtfmphvis.blogspot.com.

Reader Comments:

Fri, May 29, 2009 Dr. Bob Hacker Central Texas

Many apps can solve this locking issue by simply adding records with a datetime time stamp field; space is rarely an issue now with 1Tb hds costing under $100. Relying on user training to solve an app design problem continues to make the IT a hated industry by many honest users!

Sun, Jul 27, 2008 Joe USA

I agree with the author regarding the use of locking to solve the "last guy wins" paradigm, but I wouldn't use locking to solve that problem anyway.

A better design is to keep a version number on the database record and return it to the page when Sue and Lou view the record. When Sue hits the save button, a version number check is made, matching the page version to the database version number. If they match, the update can occur. If they don't match (Lou's scenario), a message is returned to Lou telling him that he is working on an old copy of the data and risks overlaying another user's update.

In some applications, it might be better to force Lou to get the latest copy of the data. In other applications, you may allow Lou to consciously overwrite Sue's data.

If you need to solve the "last guy wins" paradigm, this is a better mechanism to do so.

Fri, Jul 25, 2008 Peter Canada

I'd be hesitant to implement the business rule that "no customer account should be updated by two people at the same time" through record locking (i.e. issuing a command to the database to lock a row in a table). The costs associated with the side effects are just too great. However, if you're talking about managing access to specific records through some non-database functionality, I'd be very comfortable with that. Of course, this is also based on my experience that going around telling users to "be more careful" never seems to get the benefits that I want. Others may find that they have more conscientious users than I'm used to.

Fri, Jul 25, 2008

As with anything, never say never. Locking is appropriate sometimes, e.g. financial applications, why should two users be editing a customer account at the same - they probably shouldn't. Locking is a pain in a web app but if it's needed then there are ways to simplify it.

You wouldn't need anything other than a single method call in any of your UI code to cope with unlocking and the locking code itself can be centralised and written once. Unfortunately users *will* leave locks open, but this is also a training issue when we're talking about business critical systems and the app can easily log who is leaving locks open.

Add Your Comments Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Free Whitepapers

> More TechLibrary