How to access session in aspx that was modified in ashx?

Question

I am using uploadify to upload files, they automatically post to the handler. I then modify the session in the handler that I have setup as a static property in a common class of the website. I then try to access that same session in the aspx page, and the value is null. I have a feeling this is because of cookies, but there needs to be a way to work around this without exposing the sessionid in the url.

ASHX:

public class Upload : IHttpHandler, IReadOnlySessionState, IRequiresSessionState 
{

    public void ProcessRequest(HttpContext context)
    {
        ...
        CMSSession.Current.UploadedFiles.Add(fileName);
    }
}

Session Class:

public class CMSSession
{    
    public static CMSSession Current
    {
        get
        {
            CMSSession session = (CMSSession)HttpContext.Current.Session["__CMSSession__"];
            if (session == null)
            {
                session = new CMSSession();
                HttpContext.Current.Session["__CMSSession__"] = session;
            }
            return session;
        }
    }

    public List<string> UploadedFiles { get; set; }
}

ASPX:

if (CMSSession.Current.UploadedFiles != null)
{
    ...
}
else
{
    IT'S ALWAYS NULL
}

Web.Config:

<sessionState mode="InProc" cookieless="false" /> - causes session to always null in aspx when modified in ashx
<sessionState mode="InProc" cookieless="true" /> - session value is not null, but sessionid is exposed in the url

How do I access & modify the current session within the ASHX file WITHOUT changing cookieless to true and then access the session from the ASPX page?

I have tried using HttpContext and using the context passed into the ASHX...nothing works.

same as this question, but there has to be a more secure way: session set in ashx and get that session on aspx

Any ideas?

Are you accessing the ASPX page and ASHX page using the same domain name? — Mike Christensen, Jan 22 '13 at 18:18
Hmm weird. I'd look at the cookies and see what the paths are. Maybe the cookie is only scoped to a single page or something? — Mike Christensen, Jan 22 '13 at 18:27
It's a browser issue apparently. IE copies the sessionid to the ashx, chrome, ff, ect does not. — Steve Stokes, Jan 22 '13 at 18:29
Naw, if the cookie is valid for that path, the browser will send it. If you looked at the HTTP traffic, it's probably there. Try out Win's solution and see if that works. — Mike Christensen, Jan 22 '13 at 18:33
found this: http://stackoverflow.com/questions/43324/can-i-put-an-asp-net-session-id-in-a-hidden-form-field#237682 no help tho. — Steve Stokes, Jan 22 '13 at 18:35
How are you calling this ASHX file? You need to verify first, the cookie is being set on the response (Use Fiddler for that) and two, the browser is processing that response correctly and saving the cookie. — Mike Christensen, Jan 22 '13 at 18:39
It's being called from flash, which does not pass the sessionid. this looks like the fix: http://snipplr.com/view/15180/ — Steve Stokes, Jan 22 '13 at 18:46

score 5 · Accepted Answer · answered Jan 22 '13 at 19:05

I found the answer: When the handler is being called from FLASH (like swfupload or uploadify) it does not pass the current sessionid to the handler. The handler then creates a NEW session. To fix this, do the following:

Your UI: JavaScript:

$(Selector).uploadify({
    swf: 'uploadify.swf',
    uploader: 'Upload.ashx?ASPSESSID=<%=Session.SessionID%>'   
});

Add to: Global.asax:

void Application_BeginRequest(object sender, EventArgs e)
{
    try
    {
        string session_param_name = "ASPSESSID";
        string session_cookie_name = "ASP.NET_SESSIONID";
        string session_value = Request.Form[session_param_name] ?? Request.QueryString[session_param_name];
        if (session_value != null) { UpdateCookie(session_cookie_name, session_value); }
    }
    catch (Exception) { }
}

void UpdateCookie(string cookie_name, string cookie_value)
{
    HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
    if (cookie == null)
    {
        HttpCookie cookie1 = new HttpCookie(cookie_name, cookie_value);
        Response.Cookies.Add(cookie1);
    }
    else
    {
        cookie.Value = cookie_value;
        HttpContext.Current.Request.Cookies.Set(cookie);
    }
}

Taken & simplified for uploadify from: http://snipplr.com/view/15180/

You may need to use an authid if using formsauthentication:

&AUTHID=<%= Request.Cookies[FormsAuthentication.FormsCookieName] == null ? "" : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>

append that to the uploader parameter in the jQuery.

Then add the following to the global:

try
    {
        string auth_param_name = "AUTHID";
        string auth_cookie_name = FormsAuthentication.FormsCookieName;
        string auth_value = Request.Form[auth_param_name] ?? Request.QueryString[auth_param_name];

        if (auth_value != null) { UpdateCookie(auth_cookie_name, auth_value); }
    }
    catch (Exception) { }

You can now access the same session from the handler (even using the static session object I used above in the question) in IE, Chrome, FF, ect.

Glad you figured this out, sucks you have to jump through all these hoops! — Mike Christensen, Jan 22 '13 at 20:18
Yeah it's not fun running into issues like these. I find it annoying that after all these years there is still no real clean, nice, easy file upload solution for webforms. There always seems to be an issue somwhere. — Steve Stokes, Jan 22 '13 at 22:09
This is exactly what I was looking for. This deserves my up-vote! Thanks! — Mausimo, Apr 12 '13 at 03:19
I'm glad this helped you, it was not fun figuring out what was going on lol. — Steve Stokes, Jun 03 '13 at 15:13

score 0 · Answer 2 · answered Jan 22 '13 at 19:28

Context.Session is null.. because connection to HttpHandler has another Context.Session
(debug and try: Context.Session.SessionId in where is the fileInput is different from Context.Session.SessionId in Upload.ashx)!

I suggest a workaround: pass a reference to the elements you need in the second session ( in my sample i pass the original SessionId using sessionId variable)

....
var sessionId = "<%=Context.Session.SessionID%>";
var theString = "other param,if needed";
$(document).ready(function () {
    $('#fileInput').uploadify({
        'uploader': '<%=ResolveUrl("~/uploadify/uploadify.swf")%>',
        'script': '<%=ResolveUrl("~/Upload.ashx")%>',
        'scriptData': { 'sessionId': sessionId, 'foo': theString },
        'cancelImg': '<%=ResolveUrl("~/uploadify/cancel.png")%>',
 ....

and use this items in .ashx file.

public void ProcessRequest(HttpContext context)
{
    try
    {
       HttpPostedFile file = context.Request.Files["Filedata"];
       string sessionId = context.Request["sessionId"].ToString();
      ....

If you need to share complex elements use Context.Application instead of Context.Session, using original SessionID: Context.Application["SharedElement"+SessionID]

How to access session in aspx that was modified in ashx?

2 Answers2