Reputation: 73
I am using Redis for session store on my ASP.NET Core 2.x web app. I was under the impression that the HttpContext.Session.Id is used as the key to persist session state on Redis. After further inspection via the redis-cli, I found out the Redis key used to store the session is not the Session Id, nor the value I am setting (i.e. "client:name"); instead, it appears to be the _sessionKey of the Http Session object (which is a private member). Anyone know why the _sessionKey is being used and not the Session.Id, or the key I used to save to session? How can I get the private _sessionKey of the HttpContext.Session object?
I would like to be able to query Redis via the CLI by a SessionId.
// session config
services.AddSession();
//Add distributed cache service backed by Redis cache
services.AddDistributedRedisCache(o =>
{
o.Configuration = Configuration.GetConnectionString("Redis");
});
// Also, I am injecting the Session Middleware "app.UseSession();" prior to app.UseMvc()
Upvotes: 1
Views: 3014
Reputation: 239460
The ASP.NET Core team have responded to this when it was raised as an issue on the GitHub repo:
The lifetimes are different. The true lifetime of a session (and SessionId) is controlled by the server. SessionKey is stored in the cookie and lives on the client for an indeterminate amount of time. If the session expires on the server and then the client sends a new request with the old SessionKey, a new session instance with a new SessionId is created, but stored using the old SessionKey so that we don't have to issue a new cookie.
Put another way, don't depend on things outside of your control. The client can keep and replay their SessionKey indefinitely, but it's the server that decides if that is really still the same session.
That aside, I honestly can't see any value in querying Redis directly for a session, anyways. All the session data is encrypted, and you won't be able to decrypt it without the same data protection provider that the app is using, which you obviously can only access within the context of the app. If you're already in that context, then you can simply access Session directly.
Upvotes: 3
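A simplified model of the lifetime behaviour described in the quoted response, added here as an illustration; it is not code from the answer or from ASP.NET Core. The class names, the 20-minute idle timeout and the sample key value are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Simplified model (not ASP.NET Core source): the store is keyed by the
// cookie's SessionKey, while the Id lives inside the server-side entry.
class Entry
{
    public string Id = Guid.NewGuid().ToString();
    public DateTime Expires;
    public Dictionary<string, string> Data = new Dictionary<string, string>();
}

class SessionStoreModel
{
    private readonly Dictionary<string, Entry> _store = new Dictionary<string, Entry>();
    private readonly TimeSpan _idle;
    public SessionStoreModel(TimeSpan idle) { _idle = idle; }

    // Load the entry for a client-supplied key; only the server decides
    // whether it is still the same session.
    public Entry Load(string sessionKey, DateTime now)
    {
        if (!_store.TryGetValue(sessionKey, out var e) || e.Expires <= now)
        {
            e = new Entry();          // fresh Id, empty data
            _store[sessionKey] = e;   // old key reused, so no new cookie is issued
        }
        e.Expires = now + _idle;      // sliding expiration
        return e;
    }
}

class Program
{
    static void Main()
    {
        var store = new SessionStoreModel(TimeSpan.FromMinutes(20));
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        string cookieKey = "constructed-session-key"; // constructed sample value

        var first = store.Load(cookieKey, t0);
        first.Data["client:name"] = "alice";          // constructed sample data
        var live = store.Load(cookieKey, t0.AddMinutes(5));      // inside the idle window
        var replayed = store.Load(cookieKey, t0.AddMinutes(60)); // key replayed after expiry

        Console.WriteLine("Id kept while the entry is alive: " + (live.Id == first.Id));
        Console.WriteLine("Id kept after replaying an expired key: " + (replayed.Id == first.Id));
        Console.WriteLine("Old data visible after replay: " + replayed.Data.ContainsKey("client:name"));
    }
}
```

The key under which data sits in the store therefore identifies the client's cookie, not a particular session, which is why authorization or audit logic should not treat it as a session identity.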