Hi.
I have some questions about session management.
I have decided to use a custom session manager class to have more control over session state in my web site. I have started out by using Stephan Prodan's Session Class here. You'll need to take a look to get a sense of what I am talking about.
1) My first question pertains to how I persist and access my session information after a user authenticates (or doesn't). In his example, sessions are created upon login / authentication as such:
```csharp
// Create new instance of session manager
SessionManager<WorkbookProfile> sessionManager =
    new SessionManager<WorkbookProfile>(10);

// Register timeout event
sessionManager.OnEntryTimeout +=
    new SessionEntryTimeoutDelegate<WorkbookProfile>(sessionManager_OnEntryTimeout);

// Get the user's profile
UserProfile profile = UserProfile.GetUserProfile(_membership.GetUserNameByEmail(Login1.UserName));

// Log profile & start session
sessionManager.startSession(ref profile);

// Store on the session a user's object
sessionManager.SetData("MyData", "UserObject", user.SessionId);
```
OK, I understand the above code. What I don't completely understand is how I can access session information as users interact with the system. For example, take the below code:
```csharp
public partial class MyClass : System.Web.UI.Page
{
    private UserProfile _profile;
    private SessionManager<UserProfile> _session;

    protected void Page_PreInit(object sender, EventArgs e)
    {
        _session = new SessionManager<UserProfile>(10);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string UserName = sessionManager[profile.SessionId].UserName;
        _profile = UserProfile.GetUserProfile(UserName);
    }
}
```
In the above code I need to pass the user's UserName to the `GetUserProfile` method in order to create an instance of the authenticated user's profile. But I need to have the profile object to access the SessionId. Sort of a Catch-22. What am I doing wrong here? How should I be accessing session and profile information for each new page the user visits?
2) The importance of the database when using sessions?
My second question relates to the use of the DB with sessions. In Stefan's class, all session information is stored in a session object that persists as long as the user is authenticated. But, in other online reading, I have seen examples where programmers store session keys in a table in association with fk_profileid. What is the purpose of this? What is the best practice?
Thanks for your time.
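
The table layout asked about in question 2 (a session key stored against fk_profileid), sketched as an added example that is not part of the original post or of the session class it refers to. Python with an in-memory SQLite table is used so it runs stand-alone; the function names, the SHA-256 hashing of the stored key and the 10-minute sliding timeout are assumptions of this sketch.

```python
import hashlib
import secrets
import sqlite3
import time

SESSION_TTL = 10 * 60  # seconds; assumed idle timeout for this sketch

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions ("
               " token_hash TEXT PRIMARY KEY,"
               " fk_profileid INTEGER NOT NULL,"
               " expires_at REAL NOT NULL)")
    return db

def _digest(token):
    # Only the hash is stored, so a leaked table does not reveal usable keys.
    return hashlib.sha256(token.encode()).hexdigest()

def start_session(db, profile_id, now=None):
    """Called once after authentication; the return value goes in the cookie."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, carries no user data
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (_digest(token), profile_id, now + SESSION_TTL))
    return token

def end_session(db, token):
    """Logout or forced revocation: the key stops working immediately."""
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (_digest(token),))

def resolve_session(db, token, now=None):
    """Called on every request: session key from the cookie -> fk_profileid or None."""
    now = time.time() if now is None else now
    token = token or ""
    row = db.execute(
        "SELECT fk_profileid, expires_at FROM sessions WHERE token_hash = ?",
        (_digest(token),)).fetchone()
    if row is None:
        return None                    # unknown or forged key
    profile_id, expires_at = row
    if expires_at <= now:
        end_session(db, token)         # expired: remove the row
        return None
    # Sliding expiry: each valid request extends the session.
    db.execute("UPDATE sessions SET expires_at = ? WHERE token_hash = ?",
               (now + SESSION_TTL, _digest(token)))
    return profile_id
```

In this layout the session key arrives with each request, so the lookup does not need a profile object first; the profile is loaded from the returned fk_profileid.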