Introduction
In web applications, we use sessions to:
- Check if the user is logged in or not
- Save permission information
- Save temporary data
And some time, we may need to use saved session objects frequently. Here, we will try to centralize our session utility in a single base controller, so that we can use the session objects from other controllers with minimum effort.
Background
Before the beginning, we have to consider some things like:
- We are going to use a single session for full web project, which is a good practice.
- If a controller is session dependent and session is
null, we are going to redirect to a login page. - Not all controllers are session dependent, like
LogOnController and ErrorController. So if the session is null, it would not redirect to the login page, and would render its default.
Using the Code
Here is the base controller for our application, which deals with the session utilities. TSource is the Model type which we want to save in to the session. Now, we can use it in two ways.
- If the controller is not session dependent, we simply avoid the inheritance.
- If the controller is not session dependent, but we are inheriting from the base controller.
Then IsNonsessionController methods nonsessionedController list is important, where we have to specify the names of which controller does not depend on sessions:
public class ApplicationController<TSource> : Controller
{
private const string LogOnSession = "LogOnSession"; private const string ErrorController = "Error"; private const string LogOnController = "LogOn"; private const string LogOnAction = "LogOn";
protected ApplicationController()
{
}
protected override void Initialize(RequestContext requestContext)
{
base.Initialize(requestContext);
if (!IsNonSessionController(requestContext) && !HasSession())
{
Rederect(requestContext, Url.Action(LogOnAction, LogOnController));
}
}
private bool IsNonSessionController(RequestContext requestContext)
{
var currentController = requestContext.RouteData.Values["controller"].ToString().ToLower();
var nonSessionedController = new List<string>() {ErrorController.ToLower(), LogOnController.ToLower()};
return nonSessionedController.Contains(currentController);
}
private void Rederect(RequestContext requestContext, string action)
{
requestContext.HttpContext.Response.Clear();
requestContext.HttpContext.Response.Redirect(action);
requestContext.HttpContext.Response.End();
}
protected bool HasSession()
{
return Session[LogOnSession] != null;
}
protected TSource GetLogOnSessionModel()
{
return (TSource)this.Session[LogOnSession];
}
protected void SetLogOnSessionModel(TSource model)
{
Session[LogOnSession] = model;
}
protected void AbandonSession()
{
if (HasSession())
{
Session.Abandon();
}
}
}
Here LogOnModel is the model which object can be set in to session. And in every controller, we are going to use the base controller like if the controller wants to deal with session.
public class LogOnController : ApplicationController<LogOnModel>
{
}
To set session, or to destroy it on logout, or to get the session from any sub controller, we have to use it like:
LogOnModel model = new LogOnModel();
SetLogOnSessionModel(model);
AbandonSession();
LogOnModel sessionModel = GetLogOnSessionModel();
Limitations
Here, we have worked with single session only. But your application may need to deal with multiple sessions. To do so, we have to make some changes here. If you need anything like this, just knock me, I already made one to serve such a purpose. If I have time, I will post it within a week.
Find the project attachment, which is a VS 2010 solution and contains MVC3 project.
