Using PostAcquireRequestState in global.asax

[damiensawyer]

Hi,

I have the following situation. If a user browses to http://domain/somemiscURL.aspx
without going through the front door I need to catch the request,
forward them to a login page and then, on completion, send them to the
original page that they requested.

My 'plan' was to do the following.
1/ Catch every request and test if it's "logged in" (determined by
existence of an object help in the Session
2/ If they fail, store the path that they requested in a session state
then redirect them to the login page
3/ On succesfull login, check the session variable of their original
request and send them on their way.

I've found the PostAcquireRequestState event on the httpApplication
object which, according to MSDN "Occurs when the request state (for
example, session state) that is associated with the current request
has been obtained".

From global.asax (simplified)

protected void Application_PostAcquireRequestState(object sender,
EventArgs e)
{
if (!clsWebFunctions.IsLoggedIn(Session) &&
(!Request.Url.ToString().Contains("HomePageURL")
{
Session["requestedpage"= Request.Url.ToString();
}
}

The issue is that I keep getting a "Session state is not available in
this context." error (on the call to IsLoggedIn).

Can someone please point me in the right direction?

Thanks in advance for your help,


Damien

 

[Teemu Keiski]

Hi,

it is also raised for all HTTP handlers (Page is just one of them, there is
for example WebResource handler in ASP.NET, too) and not all of them require
session state. It is determined by if the current HTTP handler implements
IRequiresSessionState or IReadOnlySessionState interfaces.

You can check HttpContext.Current.Handler if it implements either of these
interfaces, when it is safe to access the session state (depending do you
also need to write to the session or just read it)

 

[damiensawyer]

Thanks very much Teemu, that's a big help.

You can check HttpContext.Current.Handler if it implements either of these
interfaces, when it is safe to access the session state (depending do you
also need to write to the session or just read it)

I actually need to write to it. Is that going to be possible?


Damien

 

[damiensawyer]

Hi again,

I implement this check and the failures have disapeared. The code
works perfectly - on Firefox, however for some unknown reason, not on
IE7.

By examinine the trace information, when the page is accessed via IE,
the session variable is not created. As this is all "server side", I'm
stuck as to why this would be.

Thanks in advance for any help.


DS


--- code extract below ---

//IRequiresSessionState: (MSDN) Specifies that the target HTTP
handler requires read and write access to session-state values.
bool RequiresSession =
clsGlobalFunctions.ClassHasInterface(
Context.CurrentHandler.GetType(),
typeof(global::System.Web.SessionState.IRequiresSessionState));

if (RequiresSession)
{
string RequestURL = Request.Url.ToString().ToLower();
if (
!clsWebFunctions.IsLoggedIn(Session) &&
!( // Don't create session variable if
navigating to one of the following pages.

RequestURL.Contains((clsWebFunctions.URLConstants(eURL.HomePageURL)).ToLower().Replace("~",
""))
||
RequestURL.Contains((clsWebFunctions.URLConstants(eURL.EnRouteLoginURL)).ToLower().Replace("~",
""))
||
RequestURL.Contains((clsWebFunctions.URLConstants(eURL.Default)).ToLower().Replace("~",
""))
)
)
{
Session[eSession.RequestedPage.ToString()] =
Request.Url.ToString();

Response.Redirect(clsWebFunctions.URLConstants(eURL.EnRouteLoginURL));
}
}

 

[Teemu Keiski]

Hi,

Can you confirm with some test code that is Session property null in that
case?