tags:

views:

11408

answers:

7
+5  Q: 

"HttpContext.Current.Session" vs Global.asax "this.Session"

Recently, while working on some code for an ASP.NET project at work. We needed a tracking util to take basic metrics on user activity (page hit count etc) we would track them in Session, then save the data to DB via Session_End in Global.asax.

I began hacking away, the initial code worked fine, updating the DB on each page load. I wanted to remove this DB hit on each request though and just rely on Session_End to store all the data.

All of the tracking code is encapsulated in the Tracker class, including properties that essentially wrap the Session variables.

The problem is that when I executed Tracker.Log() in the Session_End method, the HttpContext.Current.Session in the Tracker code was failing with a NullReferenceException. Now, this makes sense since HttpContext always relates to the current request, and of course in Session_End, there is no request.

I know that Global.asax has a Session property which returns a HttpSessionState that actually seems to work fine (I ended up injecting it in to the tracker)..

But I am curious, how the hell can I get the same reference to the HttpSessionState object used by Global.asax from outside of Global.asax?

Thanks in advance guys, I appreciate the input. :)

A: 

I think you already answered your own question: usually the Session property in Global.asax and HttpContext.Current.Session are the same (if there is a current request). But in the case of a session timeout, there is no active request and therefore you can't use HttpContext.Current.

If you want to access the session from the method called by Session_End, then pass it as a parameter. Create an overloaded version the Log() method, which takes a HttpSessionState as a parameter, then call Tracker.Log(this.Session) from the Session_End event handler.

BTW: you are aware that you can not rely on the session end event in any case? It will only work as long as you have the session state in-process. When using SQL server or StateServer to mange the session state, the session end event will not fire.

M4N  2009-01-21 08:49:51
But my question is "how do I get a reference to the same object used by Global.asax"? :)
Rob Cooper  2009-01-21 08:52:22
A: 

Remember that Session_End runs when the session times out without activity. The browser doesn't originate that event (because it's inactive), so the only time you actually will get the event is when using the InProc provider. In EVERY OTHER provider, this event will never fire.

Moral? Don't use Session_End.

IDisposable  2009-01-21 08:51:40
Fair point, but the question is obviously based on the assumption that we *are using Session_End (be it a good or bad choice)
Rob Cooper  2009-01-21 09:11:35
So, telling someone that they are DOING IT WRONG, in a way THAT CAN FAIL SURPRISINGLY, is a bad answer? See "Pounding A Nail: Old Shoe or Glass Bottle?" http://is.gd/gSb1
IDisposable  2009-01-22 20:48:06
For the record, I totally agree with the main point of your post, but I personally feel it didn't contribute towards an "answer" to the question itself.. "Dont use" doesn't help IMHO.. "Dont use by try this" may have been a lot more useful.. :)
Rob Cooper  2009-01-22 21:28:23
+4  A: 

Global.asax implements HttpApplication - which is what you are talking to when you call this from within it.

The MSDN documentation for HttpApplication has details on how you can get hold of it in an HttpHandler for example, and then get access to the various properties on it.

HOWEVER

Your application can create multiple instances of HttpApplication to handle parallel requests, and these instances can be re-used, so just picking it up somehow isn't going to guarentee that you have the right one.

I too would also add a note of caution - if your application crashes, there's no guarentee that session_end is going to be called, and you'll have lost all the data across all sessions, clearly not a good thing.

I agree that logging on every page is probably not a great idea, but perhaps a halfway house with some asynchronous logging happening - you fire details off to a logging class, that every now and then logs the details you are after - still not 100% solid if the app crashes, but you're less likely to lose everything.

Zhaph - Ben Duguid  2009-01-21 11:49:43
Great answer, helped scope things in my mind. Totally agree with the last paragraph as well. Thinking of setting up a sliding expiration on the tracker to log the info sooner than session timeout and without Session_End. Thanks again :)
Rob Cooper  2009-01-21 13:09:13
+6  A: 

To answer the original question better:

Background

Every single page request spins up a new Session object and then inflates it from your session store. To do this, it uses the cookie provided by the client or a special path construct (for cookieless sessions). With this session identifier, it consults the session store and deserializes (this is why all providers but InProc need to be Serializable) the new session object.

In the case of the InProc provider, merely hands you the reference it stored in the HttpCache keyed by the session identifier. This is why the InProc provider drops session state when the AppDomain is recycled (and also why multiple web servers cannot share InProc session state.

This newly created and inflated object is stuck in the Context.Items collection so that it's available for the duration of the request.

Any changes you make to the Session object are then persisted at the end of the request to the session store by serializing (or the case of InProc, the HttpCache entry is updated).

Since Session_End fires without a current request in-fly, the Session object is spun up ex-nilo, with no information available. If using InProc session state, the expiration of the HttpCache triggers a callback event into your Session_End event, so the session entry is available, but is still a copy of what was last stored in the HttpContext.Cache. This value is stored against the HttpApplication.Session property by an internal method (called ProcessSpecialRequest) where is the available. Under all other cases, it internally comes from the HttpContext.Current.Session value.

Your answer

Since the Session_End always fires against a null Context, you should ALWAYS use this.Session in that event and pass the HttpSessionState object down to your tracing code. In all other contexts, it's perfectly fine to fetch from HttpContext.Current.Session and then pass into the tracing code. Do NOT, however, let the tracing code reach up for the session context.

My answer

Don't use Session_End unless you know that the session store you are using supports Session_End, which it does if it returns true from SetItemExpireCallback. The only in-the-box store which does is the InProcSessionState store. It is possible to write a session store that does but the question of who will process the Session_End is kind of ambiguous if there are multiple servers.

IDisposable  2009-01-23 00:08:45
A: 

Okay, I am in the same problem to track the session activity. Instead of using session_end event, I have implemented the IDisposable interface and destructor to my sessiontracker class. I have modified the Dispose() method to save the session activity to DB. I invoked the method obj.Dispose() when a user clicks the logout button. If user closed the browser by mistake, then GC will call the destructor while cleaning the objects (not immediately but for sure it will call this method after sometime). The destructor method internally execute the same Dispose() method to save the session activities into DB.

-Shan

 2009-07-16 15:31:36
A: 

Hello Shan,

I'm interested in your way and I would like to know more details about it with some code... My problem is that I'm using cache to prevent the same user from logging in twice from different computers and I wanted to remove the cache on Session_End. And as discussed when the code reach the HttpContext.Current.Cache.Remove(sKey); it is never executed and my code doesn't continue.

So I would be glad if anyone can help me.

Thank you,

Anthony

 2009-09-24 13:21:49
A: 

"Don't use Session_End" because it only works with InProc? So? What if I use InProc, can't use it either? I'm not going to skip this great feature because some other random providers don't support it. Stupid answer.

md1337  2010-10-28 16:10:11

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps