Advanced Session State

[Jonathan Wood]

I have a static class member that returns the ID of the current user. When
it is called, it checks if the value is already stored in the session state,
if it is, that value is returned. Otherwise, Membership methods are called
to obtain the ID, that value is stored in the session state, and that value
is then returned.

This appears to work fine. However, I'm now giving users of one type the
ability to "impersonate" another. In this case, I set the ID in the session
state to the user that is being impersonated.

This, too, seems to work. But now I'm worried about application cycling. If
the application cycles and session state is lost while one user is
impersonating another, I'll get all sorts of errors. If that's not enough, I
just read something I didn't quite understand that Session data is not saved
everytime an exception is raised and not cleared. ???

My question is would there be any way to check if this has happened and not
allow things to continue if the ID of the user being impersonated is lost?

Thanks for any tips.

Jonathan

 

[Alvin Bruney [ASP.NET MVP]]

yes, session would be null at that point so a simple test will tell you
this. However, you shouldn't develop code for something that is least likely
to occur. Develop your logic as is and use a combination of exception
handling and if statements to catch the case where exceptions occur such as
null session values.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99

 

[Andrew Morton]

session state,.... But now I'm worried about application
cycling. If the application cycles and session state is lost while

If you use out-of-process session state, that problem ceases.

http://msdn.microsoft.com/en-us/library/ms972429.aspx

(Except they've written config.web instead of web.config.)

Andrew