How should i save a HttpPostedFile

Question

Situation, a user MAY upload a file and MAY trigger the spam filter. If it does trigger the spam filter i save all the post data and show a captcha. If the 'bot' doesnt succeed by the time the session times out the HttpPostedFile data (which includes uploaded file) should discard.

I am assuming i dont want to put the uploaded data into session (it is likely to be a few Kb but may be 20mb+). So how i store/discard this data efficiently and properly

Answer 1

Save the file in a safe directory (no permissions to execute or access from the site), probably with a guid as a filename, then store that guid in session. That way after your captcha you can go back and grab the file from the directory.

You can clean up this directory on success / failures, or also run a job just to remove anything over a certain age.