views: 3464

answers: 4

This question is related to this one, though I think I was a little too long-winded there to really get a good answer. I'll keep this brief.

I'm working on a web handler (ashx) that accepts a form post from an aspx page. When the handler receives this form post, in order to do what it needs to do, it needs to know the user who is logged in (User.Identity.Name), but I can't rely on cookies being sent by the browser.

I know I can get the Session.SessionID and place it in a hidden form field, but once my handler receives the form post, how can I use that SessionID to figure out the logged-in user's identity?

I'm using the StateServer mode for session state.

+2  A: 

I think you can do it by implementing the IReadOnlySessionState interface on your HttpHandler

lomaxx
An excellent tip, but this still relies on the browser sending the ASP.NET_SessionId cookie, which I can't rely on. I need a way to manually pass the SessionId through to the handler.
Josh Hinman
A: 

In an HttpHandler or HttpModule implementation, you cannot always access session from the BeginRequest event. There is another event you can handle, called OnAcquireRequestState. If you write your code in that event, then HttpContext.Current.Session will not be null.

Ben Scheirman
A: 

Unless there is a need to use session directly, you could always store whatever information about the logged-in user's identity in a singleton dictionary or cache and reference it via the SessionID stored in a hidden field. I personally see security issues in this but won't go into those. I would consider issuing single use identities for this type of implementation.

Adam Carr
Good idea, but where to store this singleton dictionary? The Application object will not distribute to other web servers in the farm (or even other process threads in a web garden), sql database is an option, but I was hoping for something more elegant.
Josh Hinman
SQL server would be your best bet. If you are using state server for this already, it would be a similar penalty. Or you could write your own WCF service that would handle this exchange. It could work as the unique ID broker as well as identity storage. Or even use a SQL endpoint service.
Adam Carr
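The single-use identity idea from the answer above, as an added example that is not code from anyone in this thread: the page puts a random one-time ticket in the hidden field instead of the real SessionID, and the handler redeems it for the user name. The names `SingleUseTicketStore`, `Issue` and `TryRedeem` are hypothetical, and the in-memory dictionary is an assumption standing in for the shared store (SQL or a service) a web farm would need.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: issues single-use tickets that map to a user name,
// so the hidden form field never carries the real SessionID.
public sealed class SingleUseTicketStore
{
    private sealed class Entry
    {
        public string UserName;
        public DateTime ExpiresUtc;
    }

    // In-memory for illustration only (assumption); in a web farm the same two
    // operations would run against shared storage such as a SQL table.
    private readonly ConcurrentDictionary<string, Entry> _tickets =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public SingleUseTicketStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Called by the .aspx page while rendering the form (user is authenticated).
    public string Issue(string userName)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);                       // 256 bits from the CSPRNG
        string ticket = BitConverter.ToString(bytes).Replace("-", "");
        _tickets[ticket] = new Entry
        {
            UserName = userName,
            ExpiresUtc = DateTime.UtcNow + _lifetime
        };
        return ticket;
    }

    // Called by the .ashx handler with the posted hidden-field value.
    // TryRemove is atomic, so a replayed ticket fails on the second attempt.
    public bool TryRedeem(string ticket, out string userName)
    {
        userName = null;
        Entry entry;
        if (string.IsNullOrEmpty(ticket) || !_tickets.TryRemove(ticket, out entry))
            return false;
        if (entry.ExpiresUtc < DateTime.UtcNow)
            return false;                              // expired; already removed
        userName = entry.UserName;
        return true;
    }
}
```

Because the ticket is unguessable, short-lived and removed on first use, a value captured from the form post cannot be replayed later the way a leaked SessionID could.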
+1  A: 

Jonas posted a great answer to this question here:

http://stackoverflow.com/questions/43324/can-i-put-an-aspnet-session-id-in-a-hidden-form-field#237682

Josh Hinman
Jonas' link seems to be broken
Mulki