Session is null in Custom AuthorizeAttribute

Question

I have an asp.net MVC application, using framework 4.6, and I create a custom AuthorizeAttribute. In my class I override the AuthorizeCore method and I access the session to verify some authentication informations. But sometimes when I try to access the property session in the AuthorizeCore method I have a NullReferenceException because the session property is null.

The problem is intermittent and it occurs when I have simultaneous access in the same action. If I open the page and refresh the page several times (F5 in browser) it shows the error.

I noticed that when the session is null, the handler is null too.

I am using StateServer mode to store my session. I try to change to InProc mode and I have the same issue. I don't know if it makes difference but I am using Ninject MVC.

My custom attribute:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
        protected override bool AuthorizeCore(HttpContextBase httpContextBase)
        {
            if (!httpContextBase.User.Identity.IsAuthenticated)
            {
                return false;
            }

            var infoUser = httpContextBase.Session["infoUser"];

            ...
        }
}

My controller:

public class HomeController
{
        [CustomAuthorize]
        [OutputCache(CacheProfile = CACHE_PRINCIPAL)]
        public ActionResult Index()
        {
            return View();
        }
}

score 1 · Accepted Answer · edited May 23 '17 at 11:45

1

Please look at this explanation about Membership provider, Session provider and caching:

Authorization and ASP.NET MVC Caching

Do you use caching?

edited May 23 '17 at 11:45

Community

1
1

answered Feb 01 '16 at 13:17

Alex Vazhev

1,363
1
18
17

Yes, I was using OutputCache. I removed and it works fine. – Rodrigo Kiguti Feb 01 '16 at 14:18

Session is null in Custom AuthorizeAttribute

1 Answers1