Comments on: Type Safe Session Variables

By: Donny V

Donny V — Fri, 09 Oct 2009 18:32:35 +0000

I’v been doing this for a while now.
One thing I learned in doing this is that in large projects you want
to use a GUID as the session variable. I usually don’t have 1 large session data class. I use it in any class. So you may accidentally use the same session variable. Using the GUID prevents that from happening.

Also you might want to think about some type of rehydration code inside the property. So that when IIS decides to dump the session state in the middle of your code executing it can rehydrate that session from nothing.

Here is an example

string UserAccountSessionID = “88766165-b250-4d65-af10-5f2b6c9eca0d”;
public static UserAccount GetUserAccount
{
get
{
System.Web.SessionState.HttpSessionState SessionState = System.Web.HttpContext.Current.Session;
UserAccount UA = null;
UA = SessionState[UserAccountSessionID] as UserAccount;
if (UA == null)
{
UA = GetUserAccount(CurrentUserID);
SessionState[UserAccountSessionID] = UA;
}

return UA;
}
}

By: Dave

Dave — Wed, 07 Oct 2009 19:26:14 +0000

Personally, I’d rather get the error and find out quickly that the session was misused.

By: Scott Holodak

Scott Holodak — Wed, 07 Oct 2009 19:22:40 +0000

Rather than casing the object, consider using the ‘as’ keyword in your get blocks. ‘as’ will return null if the object can’t be cast to the desired type instead of throwing an InvalidCastException. Even though you are providing a class to interface with the Session object in a strongly-typed way, it’s still possible for other developers to short circuit your system and manipulate the Session object directly, so it is possible to get some object type of the Session object that your code doesn’t expect. I think you’d rather get a null value back in that case than an unhandled exception.

By: Jef Claes

Jef Claes — Wed, 07 Oct 2009 17:45:40 +0000

I have been doing this for some time now.

Good thing you blogged about it!

By: Ira

Ira — Wed, 07 Oct 2009 15:02:46 +0000

I have always found it a little easier to type things going in and coming out of the session using a session helper class:

///
/// Helper object for strongly typed access to the session.
///
public class SessionHelper
{

#region Methods (2)

// Public Methods (2)

///
/// Gets the session value.
///
///
/// The key.
/// Returns a
public static T GetSessionValue(string key)
{
T result = default(T);
if (HttpContext.Current.Session[key] != null)
result = (T)HttpContext.Current.Session[key];
return result;
}

///
/// Sets the session value.
///
///
/// The key.
/// The value.
public static void SetSessionValue(string key, T value)
{
if (HttpContext.Current.Session[key] == null)
HttpContext.Current.Session.Add(key, value);
else
HttpContext.Current.Session[key] = value;
}

#endregion Methods

}