Solved

Using a marker with a httpmodule to check for a session variable prior to page_load

Posted on 2006-07-19
8
521 Views
Last Modified: 2009-07-29
This is a follow-on question from http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/ASP_DOT_NET/Q_21916656.html

I have a httpmodule that checks for a session value before each page loads.  If the session value is nothing, then the user is redirected to a login page.  This module is detailed below.

The problem now is that I need this httpmodule to not affect the login.aspx page.  Every page EXCEPT for login.aspx should utilize this module.
I currently seem to get an infinite redirect taking place (according to Firefox).

Namespace myNS.Modules
      Public Class MyModule
            Implements IHttpModule

            Public Sub New()
            End Sub

            Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
                  AddHandler ctx.PreRequestHandlerExecute, AddressOf context_PreRequestHandlerExecute
            End Sub

            Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
            End Sub

            Private Sub context_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)
                  CaptureSessionContent()
            End Sub

            Private Sub CaptureSessionContent()
                  Dim ctx As HttpContext = HttpContext.Current
                  Dim session As HttpSessionState = ctx.Session
                  If session("integerValue") Is Nothing Then
                        ctx.Response.Redirect("login.aspx", True)
                  End If
            End Sub
      End Class
End Namespace
0
Comment
Question by:Rouchie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:rodmjay
ID: 17154478
Have you tried the solution i gave you, the marker interface?
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17154520
Hi rodmjay
If you're referring to the INoSessionCheck, then no I haven't because you suggested starting a new thread in which you would post the information.  I don't know how to implement this so any examples would be really helpful.

Thanks for getting back, btw!
0
 
LVL 8

Accepted Solution

by:
rodmjay earned 500 total points
ID: 17154868
OK, I couldnt figure out how to access the page object from the httpmodule.  I am thinking that it is not created yet??  Does anyone out there know?

Try this solution and tell me if it works if the login page is the only one that needs to be altered.

    Public Sub New()
    End Sub

    Public Sub Init(ByVal ctx As HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler ctx.PostAcquireRequestState, AddressOf context_PostAcquireRequestState
    End Sub

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub

    Private Sub context_PostAcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        CaptureSessionContent()
    End Sub

    Private Sub CaptureSessionContent()
        Dim ctx As HttpContext = HttpContext.Current
        Dim session As HttpSessionState = ctx.Session
        If ctx.Request.RawUrl.Contains("login.aspx") Then
            If session("integerValue") Is Nothing Then
                ctx.Response.Redirect("login.aspx", True)
            End If
        End If
    End Sub
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Author Comment

by:Rouchie
ID: 17166481
Hi rodmjay

>> Try this solution and tell me if it works if the login page is the only one that needs to be altered.
Sadly this didn't work.  I got the error in firefox again about a never-ending redirect when I tried to access login.aspx

>> OK, I couldnt figure out how to access the page object from the httpmodule.
I googled this and found a thread containing this C# code.  Apologies if it's not correct but I hope it is what you require...
    System.Web.UI.Page myPage = HttpContext.Current.Handler;
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17168268
Awesome, OK then try a simple check like this

If myPage isnot INoSessionCheck

and you should be good.  Im not sure why this is happening in firefox. You may want to step through with a debugger and see what is happening.
0
 
LVL 25

Author Comment

by:Rouchie
ID: 17168521
Hi again,
Sorry to go back a step, but I think I might have solved it.  I read your code carefully and noticed that where you check to see if we are on the login.aspx page, the session check only happens if we ARE on the page, when it actually needs to be the other way around!

I changed the if statement to be IF NOT, like this:

If Not ctx.Request.RawUrl.Contains("login.aspx") Then
      If session("customerID") Is Nothing Then
            ctx.Response.Redirect("login.aspx", True)
      End If
End If

This has successfully stopped the never-ending loop, but I have a couple of other minor things to ask...:

 1. Can the code within CaptureSessionContent() be moved inside context_PostAcquireRequestState()?
     This would remove a few lines of code from the module if it is possible.

 2. Does PostAcquireRequestState occur automatically in the loading events of each individual page?
    Just making sure that this module will execute for every single page!

Thanks loads for your help btw.
0
 
LVL 8

Expert Comment

by:rodmjay
ID: 17171352
The post acqire does occur automatically, but before the page object is actually loaded.  I guess while you could say its still an embryo...

Basically when you create modules, you have to know what happens when, for example, the session variables do not become available until AcquireRequestState event.  So if you need to get the session variables, any event that occurs after this event will have access to them.  I changed the event to the PostAcquireRequestState, because this is the first event (that i know of) that will allow you to access the session variables.

0
 
LVL 25

Author Comment

by:Rouchie
ID: 17173741
Excellent explanation rodmjay, thank you for your help with this :-)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have developed many web applications with asp & asp.net and to add and use a dropdownlist was always a very simple task, but with the new asp.net, setting the value is a bit tricky and its not similar to the old traditional method. So in this a…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question