0
votes

Can anybody please tell me how to handle sessions in asp.net MVC 4. I am aware about this Session variable and I know how to use it.

Session["login"] = true; //We can use it in controller to check the whether user logged in or not.

Above code snippet is enough to handle sessions on small web application. But, what if I have many controllers and actions and I am working on a large application, In this case I cant use session variable in each action.

Is there is any generic place where I can check my session variables or any other solution ?

2

2 Answers

5
votes

1st Way:

I used to write a Base Controller class and all other Controllers inherit from it that need to authenticated before access:

public class DefaultController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Session["User"] == null)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.HttpContext.Response.StatusCode = 403;
                filterContext.Result = new JsonResult { Data = "LogOut", JsonRequestBehavior = JsonRequestBehavior.AllowGet };
            }
            else
                filterContext.Result = RedirectToAction("Login", "Account");
        }
        else
        {
            //base.Execute(filterContext.RequestContext);
        }
    }
}

and inherit from Base Controller in the ones for which user must be logged in:

public class LeaveController : DefaultController
{

}

Another way is to write your own authorizaion attribute.

See Filter and Attributes in asp.net mvc

2nd Way:

Here is sample for custom filter attribute, create class which inherits from ActionFilterAttribute:

public class SessionTimeoutAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Session["someValueYouLookFor"] == null)
        {
            filterContext.Result = new RedirectResult("~/Home/Index"); // redirect to login action
        }
        else
        {
            // continue normal execution 
        }
    }
}

and put it on Controller or Action:

[SessionTimeout]
public ActionResult Index()
{


}
0
votes

Definitely, you can use Authentication filter if you're using MVC 5.

for simplest way, you can have a baseController, and all other controller should inherit that controller, and in baseController you can override that OnActionExecuting event, to verify if session is there or not.

for ex.

  protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (Convert.ToBoolean(Session["login"]))
            {
                //Authenticated
            }
            else
            { 
                //Kick to login page
            }
        }

All other controller should inherit this baseController

 public class HomeController : BaseController
    {
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult Test()
        {
            return View();
        }
    }

This way, before your action method start executing, it will be verified through baseController's OnActionExecuting event.