Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Session in ASP.NET MVC

0.00/5 (No votes)
27 Jun 2014 2  
Session in ASP.NET MVC

Introduction

In web applications, we use sessions to:

  1. Check if the user is logged in or not
  2. Save permission information
  3. Save temporary data

And some time, we may need to use saved session objects frequently. Here, we will try to centralize our session utility in a single base controller, so that we can use the session objects from other controllers with minimum effort.

Background

Before the beginning, we have to consider some things like:

  1. We are going to use a single session for full web project, which is a good practice.
  2. If a controller is session dependent and session is null, we are going to redirect to a login page.
  3. Not all controllers are session dependent, like LogOnController and ErrorController. So if the session is null, it would not redirect to the login page, and would render its default.

Using the Code

Here is the base controller for our application, which deals with the session utilities. TSource is the Model type which we want to save in to the session. Now, we can use it in two ways.

  1. If the controller is not session dependent, we simply avoid the inheritance.
  2. If the controller is not session dependent, but we are inheriting from the base controller.

Then IsNonsessionController methods nonsessionedController list is important, where we have to specify the names of which controller does not depend on sessions:

public class ApplicationController<TSource> : Controller
{
    private const string LogOnSession = "LogOnSession";  //session index name
    private const string ErrorController = "Error";      //session independent controller
    private const string LogOnController = "LogOn";      //session independent and LogOn controller    
    private const string LogOnAction = "LogOn";          //action to rederect

    protected ApplicationController()
    {           
    }

    protected override void Initialize(RequestContext requestContext)
    {
        base.Initialize(requestContext);
        /*important to check both, because logOn and error Controller should be access able with out any session*/
        if (!IsNonSessionController(requestContext) && !HasSession())
        {
            //Rederect to logon action
            Rederect(requestContext, Url.Action(LogOnAction, LogOnController)); 
        }
    }

    private bool IsNonSessionController(RequestContext requestContext)
    {
        var currentController = requestContext.RouteData.Values["controller"].ToString().ToLower();
        var nonSessionedController = new List<string>() {ErrorController.ToLower(), LogOnController.ToLower()};
        return nonSessionedController.Contains(currentController);
    }

    private void Rederect(RequestContext requestContext, string action)
    {
        requestContext.HttpContext.Response.Clear();
        requestContext.HttpContext.Response.Redirect(action);
        requestContext.HttpContext.Response.End();
    }

    protected bool HasSession()
    {
        return Session[LogOnSession] != null;
    }

    protected TSource GetLogOnSessionModel()
    {
        return (TSource)this.Session[LogOnSession];
    }

    protected void SetLogOnSessionModel(TSource model)
    {
        Session[LogOnSession] = model;
    }

    protected void AbandonSession()
    {
        if (HasSession())
        {
            Session.Abandon();
        }
    }
}

Here LogOnModel is the model which object can be set in to session. And in every controller, we are going to use the base controller like if the controller wants to deal with session.

public class LogOnController : ApplicationController<LogOnModel>
{
}

To set session, or to destroy it on logout, or to get the session from any sub controller, we have to use it like:

/*Set model to session*/
LogOnModel model = new LogOnModel();
SetLogOnSessionModel(model);

/*destroy current session*/
AbandonSession();

/*Shows the session*/
LogOnModel sessionModel = GetLogOnSessionModel();

Limitations

Here, we have worked with single session only. But your application may need to deal with multiple sessions. To do so, we have to make some changes here. If you need anything like this, just knock me, I already made one to serve such a purpose. If I have time, I will post it within a week.

Find the project attachment, which is a VS 2010 solution and contains MVC3 project.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here