19

I have an issue with GenericHandler and anonymousIdentification.

Basically, if `<anonymousIdentification enabled="true" />` is turned on in the web config, whenever a jQuery GET/POST request is sent to the server, that request executes under a new user and a new user session.

Is there a way to mitigate this? I need to access the current user's session variables... It is really frustrating!

jcolebrand
bleepzter
  • I have not checked it, but I think if you are sending a jQuery GET request from the client then it is handled in the current user context. Check with Fiddler whether the ASP.NET session cookie is the same for both the normal and the jQuery request. – Shekhar_Pro Feb 03 '11 at 17:34
  • So if you turn off anonymous ID it works? Are you using Forms auth? Can you turn off anon for that particular path in the web.config? – jcolebrand Feb 03 '11 at 17:37
  • I will try and see if this works @drachenstern. You are wrong @Shekhar_Pro. I store user data in the session; one value is UserRegistrationState. If I come from a page where the user has just registered, the enum value in the session is UserRegistrationState.Registered. I have verified this. However, when I call the handler from JS on another page, the first line of code in the handler checks that session variable. If the variable doesn't exist it automatically returns UserRegistrationState.Anonymous. I think it's safe to assume that GET requests from jQuery are executing under a new user. – bleepzter Feb 03 '11 at 17:52
  • What's happening is they're not sending the cookie back to the server. – jcolebrand Feb 03 '11 at 17:53
  • So how do I mitigate this? Which cookie do I send? And how do I send it? – bleepzter Feb 03 '11 at 17:56

4 Answers

42

Generic handlers must implement the IReadOnlySessionState interface to access session variables. If you also need to write session variables, implement IRequiresSessionState.

Josh Stodola
  • 1
    I will try this in a moment. Thanks @Josh Stodola – bleepzter Feb 03 '11 at 18:04
  • 2
    Should read: **public class MemberHandler:IHttpHandler,IRequiresSessionState** – Ravi Ram Jan 21 '12 at 23:54
  • I had a problem where the handler didn't send back the session cookie if the request to the handler was the first to the website (no actual session id), and I thought that since `IReadOnlySessionState` derives from `IRequiresSessionState` that would be enough. But I really had to use `IRequiresSessionState` explicitly. Thanks for that post. – jgasiorowski Oct 19 '15 at 13:04
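The read-only case this answer describes, as an added example that is not part of the original post or any poster's code: a handler that reads the registration state mentioned in the question and falls back to Anonymous when nothing is stored. The class name `RegistrationStateHandler`, the session key, the enum's numeric values and the JSON shape are assumptions made for illustration.

```csharp
using System.Web;
using System.Web.SessionState;

// Enum name and member names come from the question's comments; the numeric
// values and the session key below are assumptions for this example.
public enum UserRegistrationState { Anonymous = 0, Registered = 1 }

// IReadOnlySessionState is a marker interface: it tells ASP.NET to load
// session state for this handler. Without it (or IRequiresSessionState),
// context.Session is null inside ProcessRequest.
public class RegistrationStateHandler : IHttpHandler, IReadOnlySessionState
{
    private const string StateKey = "UserRegistrationState"; // hypothetical key

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // The response is per-user data: keep it out of browser and proxy caches.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        context.Response.Cache.SetNoStore();
        context.Response.ContentType = "application/json";

        if (context.Session == null)
        {
            // Session state is disabled or the marker interface is missing.
            context.Response.StatusCode = 500;
            context.Response.Write("{\"error\":\"session unavailable\"}");
            return;
        }

        // A missing key or an unexpected type falls back to Anonymous.
        object stored = context.Session[StateKey];
        UserRegistrationState state = stored is UserRegistrationState
            ? (UserRegistrationState)stored
            : UserRegistrationState.Anonymous;

        context.Response.Write("{\"state\":\"" + state + "\"}");
    }
}
```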
13

Implement the System.Web.SessionState.IRequiresSessionState interface:

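```csharp
using System.Web;

// IRequiresSessionState is a marker interface that gives the handler
// read/write access to session state.
public class Handler : IHttpHandler, System.Web.SessionState.IRequiresSessionState
{
    // Required by IHttpHandler.
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        context.Session["StackOverflow"] = "overflowing";
        context.Response.Redirect("~/AnotherPage.aspx");
    }
}
```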
Anne
sm.abdullah
  • I want to get session values in a generic handler to upload an image against a primary key that I have stored in session. I am using a jQuery image upload plugin and it binds all properties on document ready. I used IRequiresSessionState in my handler code but still I can't access session values. Session keys are still 0. Can anyone tell me about this? – Aqeel Feb 25 '13 at 11:05
3

You can use this:

```csharp
public class Handler :
    IHttpHandler,
    System.Web.SessionState.IReadOnlySessionState
```
Uwe Keim
Djb
-1

I suggest in the web browser you enable the network tab in the developer mode. Then check in the AJAX which cookie is sent (if any).

If you do not see any cookie, it means the browser did not get any session, thus you should make sure (as stated by Josh) to inherit the right interface and access the cookie. (Don't forget to use System.Web.SessionState.)

In order to generate the cookie, access the session object's sessionID:

```csharp
string sesId = context.Session.SessionID;
```

Before you write anything to the response.

Ran Cohen
  • 2
    -1 It is very possible and plausible to have cookieless session state, and accessing the identifier certainly does not "generate" the cookie – Josh Stodola Jan 26 '12 at 16:50