tags:

views:

490

answers:

6
+1  Q: 

Should a web site's business layer access the session state?

I am working on maintaining an ASP.NET website, and I've noticed the business layer and other supporting libraries make heavy use of HttpContext.Current.Session. This makes it hard to keep track of session variables, to determine what they're used for and why they even exist.

Is it considered bad practice to use the session in the business layer? And would it be wise to start moving all code that uses the session into the code-behind?

+1  A: 

Yes - the BL should not have any knowledge about the Session. Its a dependency that you don't need.

Brian  2009-04-23 19:01:16
+1  A: 

make a class that is an indirection, in which case on the web it may return values from HttpContext.Current.Session, and in other areas would resolve that from somewhere else. IE have an interface ISessionStore and have concrete classes WebSessionStore and WindowsFormsSessionStore, etc.

this will make your code easier to test and also gives you expansion paths when say, you now want x business logic to run in a windows service where it can run x piece of code every y minutes.

Darren Kopp  2009-04-23 19:02:17
+3  A: 

I follow this rule - any class in System.Web namespace (javax.servlet package in Java) should not be present in your business layer.

Chetan Sastry  2009-04-23 19:02:19
+5  A: 

It's almost never a good idea. There's lots of reasons, but here's a couple:

  • you'll never be able to use business layer code in anything other than ASP.NET
  • Unit Testing becomes much more of a pain or even impossible.

We ran into huge headaches with this exact same situation when we started to build services that utilized common business layer code.

Ryan Brunner  2009-04-23 19:02:25
+1  A: 

In my opinion it is bad practice.

It makes it pretty hard to dissociate that business layer from the environment. If you expect to unit test the thing for example, you're out of luck.

One way to take care of that simply would be to insulate this into an abstraction for now, so that you can pass a "state cache" around and not refer to HttpContext. That will take you at least to some degree of abstraction. Another more interesting question is, why does the business layer need to refer to that?

Denis Troller  2009-04-23 19:03:31
That's a good point about unit testing. As to why the business layer needs HttpContext: information about the logged-in user, like their role and permissions, are kept in the session, which can affect what the business logic does. I'll try abstracting away the state and passing it around - that sounds like a good solution.
tspauld  2009-04-23 20:27:59
The problem with that is that "Current user" is a pervasive concept, and you will be carrying it through layers of objects that don't need it. Sounds like a good reason to use an IOC, but that's a completely different ball game, and not a simple modification...
Denis Troller  2009-04-23 21:17:25
+1  A: 

its always better to have a centralized Cache/Session manager which encapsulates the complete interaction with session/cache or whatever persistence method you use. having your BL to interact with sessions is definitely a very bad practice and in a way defeats the purpose of the tiered architecture altogether.

Vikram  2009-04-24 06:09:08

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps