What pattern could help to keep track of Session["objectName"] within a Web App ASP.NET MVC?

Question

I want to keep track of User Sessions within my MVC webapp. I know I am doing something wrong because the flow of the programming seems kind of chaotic. Any suggestions? At this point I am trying to verify Session every time I hit a different controller.

    private void VerifiedUserSession()
    {
        int? userID = (int?)Session["UserID"];
        if (userID.HasValue)
        {
            IUsersRepository userRepository = new SQLUserRepository();
            _user = userRepository.GetUser(userID.Value);
        }
        //TODO: Need to create a response for where the session is empty or null;
    }

Answer 1

You should consider the Authorize attribute if you're trying to authenticate/authorize users.

You can implement a BaseController that has a User property and have your controllers extend from it. This way you'll only need this code once.

Additionally, you can override the BaseController's OnActionExecuting method. Within this method, if you can check for an existing User session and, if it doesn't exist, you can set the filterContext.Result property (to anything) to prevent the action from executing. You should probably forward to a login page or something at this point.

Answer 2

I think this is the similar question that I answered recently: http://stackoverflow.com/questions/1710875/better-way-of-doing-strongly-typed-asp-net-mvc-sessions/1711120#1711120