2

Situation, a user MAY upload a file and MAY trigger the spam filter. If it does trigger the spam filter i save all the post data and show a captcha. If the 'bot' doesnt succeed by the time the session times out the HttpPostedFile data (which includes uploaded file) should discard.

I am assuming i dont want to put the uploaded data into session (it is likely to be a few Kb but may be 20mb+). So how i store/discard this data efficiently and properly

  • 3
    Keep in mind that by default, ASP.Net has a maximum request size of 4MB. If you need to upload files greater than that, you'll have to change your configuration in web.config. – adrianbanks Jul 06 '09 at 14:23

1 Answers1

3

Save the file in a safe directory (no permissions to execute or access from the site), probably with a guid as a filename, then store that guid in session. That way after your captcha you can go back and grab the file from the directory.

You can clean up this directory on success / failures, or also run a job just to remove anything over a certain age.

Robin Day
  • 100,552
  • 23
  • 116
  • 167