?
Solved

Using a marker with a httpmodule to check for a session variable prior to page_load

Posted on 2006-07-19
8
Medium Priority
?
526 Views
Last Modified: 2009-07-29
This is a follow-on question from http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/ASP_DOT_NET/Q_21916656.html

I have a httpmodule that checks for a session value before each page loads.  If the session value is nothing, then the user is redirected to a login page.  This module is detailed below.

The problem now is that I need this httpmodule to not affect the login.aspx page.  Every page EXCEPT for login.aspx should utilize this module.
I currently seem to get an infinite redirect taking place (according to Firefox).

Namespace myNS.Modules
      Public Class MyModule
            Implements IHttpModule

            Public Sub New()
            End Sub

            Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
                  AddHandler ctx.PreRequestHandlerExecute, AddressOf context_PreRequestHandlerExecute
            End Sub

            Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
            End Sub

            Private Sub context_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
                  CaptureSessionContent()
            End Sub

            Private Sub CaptureSessionContent()
                  Dim ctx As HttpContext = HttpContext.Current
                  Dim session As HttpSessionState = ctx.Session
                  If session("integerValue") Is Nothing Then
                        ctx.Response.Redirect("login.aspx", True)
                  End If
            End Sub
      End Class
End Namespace
0
Comment
Question by:Rouchie
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:rodmjay
ID: 17154478
Have you tried the solution i gave you, the marker interface?
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17154520
Hi rodmjay
If you're referring to the INoSessionCheck, then no I haven't because you suggested starting a new thread in which you would post the information.  I don't know how to implement this so any examples would be really helpful.

Thanks for getting back, btw!
0
 
LVL 8

Accepted Solution

by:
rodmjay earned 2000 total points
ID: 17154868
OK, I couldnt figure out how to access the page object from the httpmodule.  I am thinking that it is not created yet??  Does anyone out there know?

Try this solution and tell me if it works if the login page is the only one that needs to be altered.

    Public Sub New()
    End Sub

    Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler ctx.PostAcquireRequestState, AddressOf context_PostAcquireRequestState
    End Sub

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub

    Private Sub context_PostAcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        CaptureSessionContent()
    End Sub

    Private Sub CaptureSessionContent()
        Dim ctx As HttpContext = HttpContext.Current
        Dim session As HttpSessionState = ctx.Session
        If ctx.Request.RawUrl.Contains("login.aspx") Then
            If session("integerValue") Is Nothing Then
                ctx.Response.Redirect("login.aspx", True)
            End If
        End If
    End Sub
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Author Comment

by:Rouchie
ID: 17166481
Hi rodmjay

>> Try this solution and tell me if it works if the login page is the only one that needs to be altered.
Sadly this didn't work.  I got the error in firefox again about a never-ending redirect when I tried to access login.aspx

>> OK, I couldnt figure out how to access the page object from the httpmodule.
I googled this and found a thread containing this C# code.  Apologies if it's not correct but I hope it is what you require...
    System.Web.UI.Page myPage = HttpContext.Current.Handler;
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17168268
Awesome, OK then try a simple check like this

If myPage isnot INoSessionCheck

and you should be good.  Im not sure why this is happening in firefox. You may want to step through with a debugger and see what is happening.
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17168521
Hi again,
Sorry to go back a step, but I think I might have solved it.  I read your code carefully and noticed that where you check to see if we are on the login.aspx page, the session check only happens if we ARE on the page, when it actually needs to be the other way around!

I changed the if statement to be IF NOT, like this:

If Not ctx.Request.RawUrl.Contains("login.aspx") Then
      If session("customerID") Is Nothing Then
            ctx.Response.Redirect("login.aspx", True)
      End If
End If

This has successfully stopped the never-ending loop, but I have a couple of other minor things to ask...:

 1. Can the code within CaptureSessionContent() be moved inside context_PostAcquireRequestState()?
     This would remove a few lines of code from the module if it is possible.

 2. Does PostAcquireRequestState occur automatically in the loading events of each individual page?
    Just making sure that this module will execute for every single page!

Thanks loads for your help btw.
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17171352
The post acqire does occur automatically, but before the page object is actually loaded.  I guess while you could say its still an embryo...

Basically when you create modules, you have to know what happens when, for example, the session variables do not become available until AcquireRequestState event.  So if you need to get the session variables, any event that occurs after this event will have access to them.  I changed the event to the PostAcquireRequestState, because this is the first event (that i know of) that will allow you to access the session variables.

0
 
LVL 25

Author Comment

by:Rouchie
ID: 17173741
Excellent explanation rodmjay, thank you for your help with this :-)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month16 days, 17 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question