Access to session variables from IHttpModule's OnBeginRequest method

Question

I have a website that, in order to work properly, needs to have a XML file appended to all its URLs, let's say the file is called module-1.xml.

In order to keep those URls clean, I wrote a IHttpModule's that uses the HttpContext.Current.RewritePath to do the appending job inside the OnBeginRequest event.

The IHttpModule looks pretty simple and works:

public void OnBeginRequest(Object s, EventArgs e)
{
   string url = HttpContext.Current.Request.Url.AbsolutePath;
   if (url.EndsWith(".aspx"))
      HttpContext.Current.RewritePath(url + "?module-1.xml");
}

Now, I wanted to use the session variable to detect when a user decides to switch the website from model-1.xml to model-2.xml and have my code changed as follow:

public void OnBeginRequest(Object s, EventArgs e)
{
   string url = HttpContext.Current.Request.Url.AbsolutePath;
   if (url.EndsWith(".aspx"))
   {
      if (HttpContext.Current.Session["CurrentMode"] == "1")
         HttpContext.Current.RewritePath(url + "?module-1.xml");
      else if(HttpContext.Current.Session["CurrentMode"] == "2")
         HttpContext.Current.RewritePath(url + "?module-2.xml");
    }
}

From what I have found, the session can be accessed inside a module but not from inside the OnBeginRequest event which is the only event where HttpContext.Current.RewritePath can be made functional (at least from all the testing I have been doing).

Is my assumption correct? And if it is, what alternative could I use? Create a custom Session variable? Should I read from a txt file or from a DB in order to know what module the user is looking at? How could I keep track of a user from within the module?

score 1 · Accepted Answer · answered Oct 03 '12 at 23:52

It depends on the security required by your application. If you don't care about a malicious user being able to change the value, just store the module name in a cookie. If you do, you could store a securely generated identifier in a cookie, and look that up in a database to get the value you need to use.

score 1 · Answer 2 · answered Oct 04 '12 at 03:18

1

Get rid of the module completely. You are only attaching it to aspx pages, so there is no need for that to be in the URL. Instead just create a base page for your project pages to inherit from:

public class Solution.Web.UI.Page : System.Web.UI.Page
{
    public string CurrentMode 
    { 
        get { return String.Compare(Session["CurrentMod"].ToString(), "1") == 0) ? "module-1.xml" : "module-2.xml"; }
    }
}

That way you can simply access it on your pages without the overhead of that module or the risk of putting that info in a cookie.

answered Oct 04 '12 at 03:18

Lawrence Johnson

3,924
2
17
30

Thanks, but I still need to append the xml file to all the aspx files depending on the value located inside the session... – jdecuyper Oct 04 '12 at 14:16
Out of curiosity, what does appending it to the URL do? – Lawrence Johnson Oct 04 '12 at 18:57
We have got controls on all the pages that connect to an OPC server and display real-time data. Unfortunately, the only way to make all these controls work is by handing over a XML file through the URL. It's a pain but there is no way around it, it's third party product agreement from our company and we have to live it... for now :) – jdecuyper Oct 04 '12 at 22:50

Access to session variables from IHttpModule's OnBeginRequest method

2 Answers2