HttpContext.Current.Session Always Null

Question

I know this topic has come up a lot, but I haven't found one that works for my problem..

I have a GuestTokenValidationAttribute Class that derives from ActionFilterAttribute, in there I receive a token from the header and I use it as a String token. Then I want to add that token to a session, but no matter what I do the Session is always null.

Please guys any guidance or help will be much appreciated,

Code Example below:

public class GuestTokenValidationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
         string token;
        try
        {
           token =  actionContext.Request.Headers.GetValues("Authorization-Token").First();
        }
        catch (Exception)
        {
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("Unauthorized User")
            };
            return;
        }

        if(string.IsNullOrEmpty(token))
        {
          actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("Unauthorized User")
            };
            return;  
        }

        try
        {
            var repository = DependencyResolver.Current.GetService<IRepository<Guest>>();
            var guest = repository.GetAll().FirstOrDefault(x => x.Token == token);
            if(guest == null)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Unauthorized User")
                };
                return;  
            }

        }
        catch (Exception)
        {
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("Unauthorized User")
            };
            return;
        }




       HttpContext.Current.Session.Add("guesttoken" ,token);

        base.OnActionExecuting(actionContext);

    }

See this: http://stackoverflow.com/questions/11478244/asp-net-web-api-session-or-something — haim770, Dec 12 '13 at 11:05

score 1 · Accepted Answer · answered Mar 29 '14 at 11:44

1

MVC ported to asp.net to solve problems such as Session and ViewState which were a true opposition against the nature of the web. As you know, in MVC, all actions and responses should be considered as stateless requests which nothing should be left before and after processing the request and assumed GC will collect all data in ViewBags, Session, Variables, etc.

So, as highly recommended, the common way of handling such thing is using native facilities delivered through pure web such as cookies, html-forms, html-inputs, url parameters, etc.

answered Mar 29 '14 at 11:44

Ali Dehghan

462
3
6

Question is about WebAPI not MVC. WebAPI doesn't support sessions. To enable session, see haim700's comment. – LostInComputer Mar 29 '14 at 12:02
WebAPI is just a part of MVC which are built and run on the run-time libraries of MVC. Thus, MVC and WebAPI naturally doesn't differ – Ali Dehghan Mar 30 '14 at 04:43

HttpContext.Current.Session Always Null

1 Answers1