2

I have a custom attribute class which inherits from AuthorizeAttribute. Sometimes the parameter httpContext.Session is null. How is this possible? The Session supposed to be alive as long as I am logged/active, right? I am not brwosing for 20 minutes or longer, in fact I am just browsing for 0-2 minutes and sometimes the Session property is null.

We have this bug since we are switched from MVC 2 (.NET 3.5) to MVC 4.5 (.Net 4.5) Is it possible that this is the cause of the problems?

How can I solve this?

tereško
  • 58,060
  • 25
  • 98
  • 150
Martijn
  • 24,441
  • 60
  • 174
  • 261
  • Place a conditional breakpoint and find out when/how it is called. – H H Oct 08 '12 at 12:35
  • @HenkHolterman I did place a conditional breakpoint and I don't have a call stack. It just says '[External Code]' and on top of that the line where the breakpoint is. – Martijn Oct 08 '12 at 12:52
  • And what can you learn from the context? Esp. the requested target. – H H Oct 08 '12 at 18:36
  • @HenkHolterman I don't know what you precisely mean, but in the HttpContext.Current is the Session null – Martijn Oct 12 '12 at 06:47

2 Answers2

1

How is this possible?

This could happen if you have disabled session state. In order to disable session state you could have the following in your web.config:

<sessionState mode="Off" />

or you could have decorated your controller/base controller/action with the [SessionState] attribute:

[SessionState(SessionStateBehavior.Disabled)]
public class HomeController : Controller
{
    ...
}
Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • I don't have `sessionState mode="Off"` Everything is set to "InProc". I also don't have a SessionState attribute – Martijn Oct 12 '12 at 06:48
1

This could be a caching issue. Try overriding:

OnCacheAuthorization

in the filter. Or remove:

OutputCache

attributes from actions in the controller.

Jon List
  • 1,504
  • 1
  • 14
  • 20
  • A demo on how to override it and what this will acieve, would be handy here. How does this work? When you return `HttpValidationStatus.Invalid` from `OnCacheAuthorization`, then `AuthorizeCore` is not called at all? – user2173353 Feb 04 '16 at 12:56
  • OK. I found out : Search for `OnCacheAuthorization(HttpContextBase httpContext)` here: https://github.com/ASP-NET-MVC/aspnetwebstack/blob/master/src/System.Web.Mvc/AuthorizeAttribute.cs . Cheers! :) – user2173353 Feb 04 '16 at 13:00
  • So, if one had to validate the session for a cached action, how would he do it? The session object is not initialized inside `OnCacheAuthorization`. My case did not require that, but what if it did? Isn't that possible? :o – user2173353 Feb 04 '16 at 13:29
  • I'm sorry, but this is a little to far back for me to remember the details. I hope you solve you problem. – Jon List Feb 08 '16 at 14:05
  • I need to do exactly that @user2173353 – Romaine Carter Jan 18 '18 at 18:46
  • 1
    @RomaineCarter I think that the easiest fix would be to implement some caching mechanism by yourself inside the action. – user2173353 Jan 22 '18 at 09:52