Can I store session variables for each user in Global.asax file?

Question

I have an asp.net c# application. I'm using web forms authentication. I would like as soon as user logged or register at website to write his information in Session, like:

UserId, Email, Name, phone, address etc

I'm using also openid authentication.

As I see it the session can saved from master page, or Global.asax file. In my case I have 3 different master pages and I would like to save and remove user session variables from one place.

Also it has to be secure. Anyway at what point in application life cycle better to store session variables unique for each user? Best practices

Icarus · Answer 1 · 2012-02-29T12:49:28.103

2

I will suggest something different:

Inherit all your pages from a BasePage. In that BasePage create a User Property, something like this:

 public class BasePage : System.Web.UI.Page
 {
    public WebUser CurrentUser
    {
        get 
        {
            WebUser currentUser = HttpContext.Current.Session["WHATEVERKEY"] as WebUser;

            if (currentUser == null)
            {
               currentUser = new WebUser();//and do some processing
               HttpContext.Current.Session["WHATEVERKEY"] = currentUser;
            }
            return currentUser;
        }
        set 
        { 
            HttpContext.Current.Session["WHATEVERKEY"]=value;
        }
    }
 }

Once the user is authenticated you can simply store your user information by doing:

this.Page.CurrentUser = userAuthenticated;

And you can access this CurrentUser in all your pages in your application.

The WebUser class can look like this:

[Serializable]
public class WebUser
{

   public string Name {get;set;}
   public string Email {get;set;}
   // and so on... 
}

edited Feb 29 '12 at 12:49

answered Aug 31 '11 at 13:37

Icarus

63,293
14
100
115

What is the point of setting `currentUser = value;`? From what I can see that value is never read. Also, I suppose that it is implied that `currentUser` is a private backing variable, but you should probably add that explicitly for clarity. Or, since you never really use it, you can just make it a local variable. – mflodin Feb 29 '12 at 09:58
@mflodin the point is to access the `WebUser` property on any page that derives from BasePage. I added the type to currentUser. I had missed that part. – Icarus Feb 29 '12 at 12:45
I used @Icarus suggestion to get currentUser by adding it as a new c# web project to an existing solution* I was maintaining that contained 2 projects; one written in vb & the other c#. I was having trouble sharing a Session variable (AD UserName) across the two original projects. I wasn't sure it would work across two projects written in different languages but it did! * Existing web app solution was written using .NET 2003 (1.1) - I recently converted it to 3.5 using VS 2008. – Doreen Dec 12 '14 at 18:53

score 0 · Answer 2 · answered Aug 31 '11 at 13:23

Unless there is another way to access the Session instance other than through HttpContext.Current from within the global.asax, then this won't work - since you can't access the current context from the scope of this code. (You can access it directly since HttpApplication exposes a Session, but there are some caveats in this area.)

You could, however, define a fourth master page to act as the root and execute the generic code which utilises the session, then have each derive from this one.

score 0 · Answer 3 · answered Aug 31 '11 at 13:25

0

You can use the Application_BeginRequest method in the Global.asax file.

In that method, you can access "this.Session" and do whatever you'd like.

answered Aug 31 '11 at 13:25

Timothy Khouri

31,315
21
88
128

Note [this link](http://stackoverflow.com/questions/464456/httpcontext-current-session-vs-global-asax-this-session) from your own Google results, showing accessing this session isn't always what is intended. – Grant Thomas Aug 31 '11 at 13:29
That's why I didn't say to use the Session_End method :) ... but even so, using HttpContext.Current.Session is perfectly good. – Timothy Khouri Aug 31 '11 at 13:35
You can't access `HttpContext.Current.Session` from global.asax. – Grant Thomas Aug 31 '11 at 13:49

score 0 · Answer 4 · answered Aug 31 '11 at 13:25

You can do it from werether you want I'd suggest you the following :

public class User{

int UserID;
string Email;
string Name;
string Phone;
string Address
}

public static class SessionData{
 static User User{
get{
return (User)HttpContext.Current.Session["user"];
}
set{
HttpContext.Current.Session["user"] = value;
}
 static bool  IsUserConnected{
get{
return HttpContext.Current.Session["user"]  != null;
}
}

So if you want the current User's id you do SessionData.User.UserID.

PS : i'm sorrry for the static class ^^

score 0 · Answer 5 · answered Aug 31 '11 at 13:30

0

I think I would override the Page class and add the session management code there, then make each of the master pages inherit the custom class instead of Page.

answered Aug 31 '11 at 13:30

Rick Liddle

2,684
19
31

Can I store session variables for each user in Global.asax file?

5 Answers5