ASP.NET MVC handling of users

Question

Hi,

The login method in my ASP.NET MVC page looks something like this :

Check ModelState
Check Username and password
user = accountModel.GetUser(model.UserName);
this.HttpContext.Session[Biss.Extensions.SessionKey.userContext.ToString()] = new UserContext() { SiteRole = (SiteRoles)user.RoleId, Id = user.Id };
FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie);

During development Im rebuilding, restarting the solution alot of times and I have notice the following :

1. Start website
2. Login(with method above)
3. Rebuild soultion
4. Restart website

Now the User.Identity.Name will still be set but the

HttpContext.Session[Biss.Extensions.SessionKey.userContext.ToString()]

is null? I supose that the website is restarting when doing a rebuild/restart but how can the User.Identity.Name still be set? How could I handle this?

BestRegards

Answer 1

Since you are restarting the AppDomain the session is deleted as it is stored in memory. Think of it that the exactly same thing might happen in your production server. Under certain circumstances IIS could simply restart the application pool: for example after some inactivity or memory/CPU threshold is reached. To avoid loosing your session data you could use an out-of-process session storage so that it doesn't stay in memory. Look at the following article for the different possibilities: http://msdn.microsoft.com/en-us/library/ms972429.aspx

Answer 2

As you restarting the web site, you flush out you Session. The state of session is simply gone.

I would recommend to get rid of using Session for such simple scenario as user login. My general answer almost everywhere - do use session if you have very serious reason for that.

You can keep the information about user in database and read it than you actually need.