0

Hi,

The login method in my ASP.NET MVC page looks something like this : 

Check ModelState
Check Username and password
user = accountModel.GetUser(model.UserName);
this.HttpContext.Session[Biss.Extensions.SessionKey.userContext.ToString()] = new UserContext() { SiteRole = (SiteRoles)user.RoleId, Id = user.Id };
FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie);

During development Im rebuilding, restarting the solution alot of times and I have notice the following :

  1. Start website
  2. Login(with method above)
  3. Rebuild soultion
  4. Restart website

Now the User.Identity.Name will still be set but the 

HttpContext.Session[Biss.Extensions.SessionKey.userContext.ToString()]

is null? I supose that the website is restarting when doing a rebuild/restart but how can the User.Identity.Name still be set? How could I handle this?

BestRegards

Improve this question
3
  • Are you restarting the browser too? Or is it possible that it is passing a stale cookie of some sort to the app? Commented Dec 11, 2011 at 10:29
  • @MerlynMorgan-Graham > No I am not restarting the browser, I supose that Membership do use somekind of cookie for this? Commented Dec 11, 2011 at 10:37
  • Haven't debugged such problems before so I'm blissfully unaware of the answer to that question :) But it would be something to check. Commented Dec 11, 2011 at 12:15

2 Answers 2

Reset to default
2

Since you are restarting the AppDomain the session is deleted as it is stored in memory. Think of it that the exactly same thing might happen in your production server. Under certain circumstances IIS could simply restart the application pool: for example after some inactivity or memory/CPU threshold is reached. To avoid loosing your session data you could use an out-of-process session storage so that it doesn't stay in memory. Look at the following article for the different possibilities: http://msdn.microsoft.com/en-us/library/ms972429.aspx

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

As you restarting the web site, you flush out you Session. The state of session is simply gone.

I would recommend to get rid of using Session for such simple scenario as user login. My general answer almost everywhere - do use session if you have very serious reason for that.

You can keep the information about user in database and read it than you actually need.

Improve this answer

5 Comments

But this information could be used several times in diffrent method, I supose I could pass the user information around between mothods? Is this really a better solution?
Maby a singelton with the userInformation could be a better way?
It is better than Session. If you need that several places, consider to create a MVC Filter that would be able to read that info and do something about. For instance allow/disalow access to action depending of user role etc.
No singletones, plz. They would be ruined in exaclty same way as you restart app;
> yes it would if I did not read the userdata if its not already in place. So when checking the singelton I will make a read if there is no data stored. This means that if the service is recycling we would read back the data the first time after the recycling the singelton is used.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.