Access to session variables from IHttpModule's OnBeginRequest method
https://stackoverflow.com/questions/12718413
-
05-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a website that, in order to work properly, needs to have a XML file appended to all its URLs, let's say the file is called module-1.xml.
In order to keep those URls clean, I wrote a IHttpModule's that uses the HttpContext.Current.RewritePath to do the appending job inside the OnBeginRequest event.
The IHttpModule looks pretty simple and works:
public void OnBeginRequest(Object s, EventArgs e)
{
string url = HttpContext.Current.Request.Url.AbsolutePath;
if (url.EndsWith(".aspx"))
HttpContext.Current.RewritePath(url + "?module-1.xml");
}
Now, I wanted to use the session variable to detect when a user decides to switch the website from model-1.xml to model-2.xml and have my code changed as follow:
public void OnBeginRequest(Object s, EventArgs e)
{
string url = HttpContext.Current.Request.Url.AbsolutePath;
if (url.EndsWith(".aspx"))
{
if (HttpContext.Current.Session["CurrentMode"] == "1")
HttpContext.Current.RewritePath(url + "?module-1.xml");
else if(HttpContext.Current.Session["CurrentMode"] == "2")
HttpContext.Current.RewritePath(url + "?module-2.xml");
}
}
From what I have found, the session can be accessed inside a module but
not from inside the OnBeginRequest event which is the only event where HttpContext.Current.RewritePath can be made functional (at least from all the testing I have been doing).
Is my assumption correct? And if it is, what alternative could I use? Create a custom Session variable? Should I read from a txt file or from a DB in order to know what module the user is looking at? How could I keep track of a user from within the module?
Solution
It depends on the security required by your application. If you don't care about a malicious user being able to change the value, just store the module name in a cookie. If you do, you could store a securely generated identifier in a cookie, and look that up in a database to get the value you need to use.
OTHER TIPS
Get rid of the module completely. You are only attaching it to aspx pages, so there is no need for that to be in the URL. Instead just create a base page for your project pages to inherit from:
public class Solution.Web.UI.Page : System.Web.UI.Page
{
public string CurrentMode
{
get { return String.Compare(Session["CurrentMod"].ToString(), "1") == 0) ? "module-1.xml" : "module-2.xml"; }
}
}
That way you can simply access it on your pages without the overhead of that module or the risk of putting that info in a cookie.
