Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Tracking Session Changes using HttpModule

0.00/5 (No votes)
24 Oct 2003 3  
A custom HttpModule to display the session data before and after a page request at the end of the page ouput.

Introduction

When I started working in ASP.NET, I was very much excited and impressed with the tracing functionality. Just by adding a single attribute "trace=true" at the page level or by updating the trace section in web.config, each page rendered information (Request Details, Trace Information, Control Tree, Session State, Cookies Collection, Header Collection, Server Variables) after the actual content of the page.

Recently my manager called the whole team for a meeting to voice his concern on session usage by developers. Junior developers used session for everything and they never bothered to clean the session. Session was basically abused by everyone. There is no easy way to identify the number of places where session object is used in code other than searching for the keyword Session in the source code.

The options immediately we had was to use the Trace facility provided by ASP.NET framework or to write our own code just to display the session information.

Problems with ASP.NET Tracing facility

  1. Each time, I need to scroll a lot to locate the Session state section
  2. There is no way to see only session state information

Objectives

  1. Display session state changes during a page request
  2. Reusable code to use in existing and future ASP.NET projects

I found that HttpModule is the right candidate to solve this problem because we can hook to application events raised by HttpApplication object during each page request. HttpHandler is not useful for this scenario because we cannot see the session information along with the page output.

Overview

I defined a class SessionTrace which implements IHttpModule. This module hooks to 2 important application events namely PreRequestHandlerExecute and PostRequestHandlerExecute.
public void Init(HttpApplication ctx)
{
ctx.PreRequestHandlerExecute += new EventHandler(context_PreRequestHandlerExecute);
ctx.PostRequestHandlerExecute += new EventHandler(context_PostRequestHandlerExecute);
}

During the PreRequestHandlerExecute event (which is raised before processing the page), this module captures the contents of the session. During the PostRequestHandlerExecute event (which is raised after processing the page), this module captures the contents of the session again and renders the captured contents in a tabular format.

Sample screenshot

How to use

We need to inform the ASP.NET runtime to hook the HttpModule for each request. This can be done by defining in the configuration file (maching.config or web.config).

 <httpModules>
  <add type="CodeProject.SessionTrace, CodeProject" name="SessionTrace"/>
 </httpModules>

I have included a sample web project which contains the SessionTrace module implementation and also a test page. This project was built using VS.NET 2003.

Improvements

  1. Styles can be applied to improve the look and feel of the output.
  2. Cache object changes can also be monitored. The only difference is cache can be updated even by other requests whereas session is changed only by the current request.
  3. and More...

Fact

After working for more than 2 years in ASP.NET projects, I realized that most of the trace output sections are very rarely used (Request Details, Control Tree, Cookies Collection, Header Collection, Server Variables). Trace messages and session details are used often to debug the applications. Since the Session section comes after Control Tree section (this section may grow very long if your page has controls like DataGrid), each time I have to scroll a long way to see the session information.

ASP.NET trace configuration section does not support adding or removing trace output sections. If the trace details are configurable, then I can include only particular sections of interest to me.

Example

<configuration>
<system.web>
<trace enabled="false" pageOutput="true"  requestLimit="15">
<sections>
<add name="SessionState"/>
<add name="TraceInformation"/>
<remove name="ControlTree" />
</sections>
</trace>
<system.web>
</configuration>

Conclusion

I hope SessionTrace module will be useful to many of you in identifying the culprit who abuses the session in your team and to fix the problems before going to production. "Hats Off to HttpModule".

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here