Where / how to fill in a session with a user stored in cookies in an MVC application on first boot?

I have a session variable that stores all of my user object, and when a user logs in to my site using form authentication (using standard MVC login), I set the Session variable for the user object as follows:

    FormsAuthentication.SetAuthCookie(user.Username, model.RememberMe);
    SessionUtil.User = user;

All my pages are configured to work with this Session object, but the problem occurs when they check the Remember Me checkbox, close their browser, re-open the browser and go back to my site. At this point, the session is clear and they are not logged in, but my site still remembers who they are, however all the pages that link to my user object during the session.

I’m looking for a way to populate the session user object with the appropriate data so that in the above scenario the session object is not empty, no matter what page they got on after it is “remembered” after visiting my site. Where is a good place for this? In launching the application? In SessionUtil (right now it's just a static wrapper for session vars)? Base class on the controller? And how do I do this? I have a logic written to disconnect a user from the username.

Edit: Well, application_start does not seem like a good place because it is:

    if (User != null)
    {
        SessionUtil.User = EntityServiceFactory.GetService<UserService>().GetUser(User.Identity.Name);
    }

in the method does not prevent this problem. I tried checking User.Identity.Name in the if check and then got a null reference exception, but I am still remembered and logged in when the page actually loads.

Tried the following in Global.asax, per Splash-X's comment:

    protected void Application_BeginRequest()
    {
        if (User != null)
        {
            SessionUtil.User = EntityServiceFactory.GetService<UserService>().GetUser(User.Identity.Name);
        }
    }

This event fires every request, but User is always null. But I do not get the default _LogOnPartial code:

    @if(Request.IsAuthenticated) {
        <text><strong>@User.Identity.Name</strong> [@Html.ActionLink("Profile", "Profile", "Account")]
        [ @Html.ActionLink("Log Off", "LogOff", "Account") ]</text>
    }

still shows me that you are logged in and the username is displayed there well.

+4
1 answer

You definitely do not want to use application_start - it runs only once, when your application is first spun up. What you may be looking for is session_start, which runs the first time a new session is requested:

    void Session_Start(object sender, EventArgs e)
    {
        // set SessionUtil.User here
    }

I don't think there is a definitive answer where your custom object should be updated. If I had to choose, I would probably do it in your SessionUtil.User getter. Something like this (warning, I have not compiled or tested this):

    public User User
    {
        get
        {
            if (Session["user"] != null)
                return Session["user"] as User;

            var user = GetUser(); // however you normally get current user
            Session["user"] = user;
            return user;
        }
    }

The end result is that you never need to request the user property of your session utility as null.

Edit : just to be clear, a session has nothing to do with being “remembered”. Your site knows that you are logged in and authenticated because you have an ASP.NET authorization cookie. It is session independent. A session is simply a storage facility, accessible to each unique user, authenticated.

+3
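
The getter approach from the answer, written out as an added example that is not part of the original answer: it treats the forms-authentication identity as the source of truth and reuses the session copy only when it belongs to that identity. `User`, `UserService` and `EntityServiceFactory` are the asker's own types from the question, and the `"user"` key is the one used in the answer.

```csharp
using System;
using System.Web;

// User, UserService and EntityServiceFactory are the asker's own types from the
// question; User.Username is the value passed to SetAuthCookie there.
public static class SessionUtil
{
    private const string UserKey = "user"; // same key as in the answer above

    public static User User
    {
        get
        {
            HttpContext ctx = HttpContext.Current;

            // No request, or session state not acquired yet (for example in
            // Application_BeginRequest): nothing to read or cache.
            if (ctx == null || ctx.Session == null)
                return null;

            // The forms-authentication cookie decides who the caller is.
            // Anonymous request: drop any leftover user object.
            if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            {
                ctx.Session.Remove(UserKey);
                return null;
            }

            string name = ctx.User.Identity.Name;
            var cached = ctx.Session[UserKey] as User;

            // Reuse the cached object only if it matches the identity in the
            // auth cookie; the session cookie and the auth cookie expire
            // independently, so the two can disagree.
            if (cached != null &&
                string.Equals(cached.Username, name, StringComparison.Ordinal))
                return cached;

            // "Remember Me" case: authenticated request, fresh session.
            User user = EntityServiceFactory.GetService<UserService>().GetUser(name);
            ctx.Session[UserKey] = user;
            return user;
        }
        set { HttpContext.Current.Session[UserKey] = value; }
    }
}
```

In the ASP.NET pipeline, `BeginRequest` fires before `AuthenticateRequest` sets `User` and before `AcquireRequestState` attaches the session, which is why the `Application_BeginRequest` attempt in the question always sees a null `User`.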

Source: https://habr.com/ru/post/1396914/

