Longterm usage & conflict of Session / TempData - asp.net-mvc-3

I've an MVC3 web app which uses the default "in process" session. I've the PRG pattern in place - that is while postback if my modelstate is invalid I store the model in TempData and redirect to the original get action. In the get action I fetch the model data (if it exists) and send to the view. I believe this is one of the basic aspects of MVC.
I've learned that TempData in background is a session variable which
is used in the PRG transition. What I need to know is whether it is
possible to have a conflict or cross refrencing - if I use something
like TempData["model"] in two pages and access the pages
simultaneously. Would that overwrite the common data in
TempData["model"] or is it safe if I use the same tempdata names in
two different pages.
And does it conflict with Session["model"] kind of data? I'm facing some unexpected session data corruption - possibly due to my internal code that resets the session data or something else. Is it possible that session data can corrupt partially? I mean Session["data1"] is ok but Session["data2"] is gone?
My users often use the web app for a long duration causing session timeout. I tried for the ASP.Net session state service for session but that caused performance issues because I store some heavy objects (via serialization) in session. So finally I was back to the original default in proces mode.
Pls share if you've had any similar experiences.

TempData by default uses SessionState and access to SessionState is by default exclusive. So, if you do two concurrent reuquests, one will have to wait for the other to release the SessionState lock.
TempData does not interfere with using SessionState directly.
As SessionState by default uses in-proc, it can be invalidated almost anytime.
You might want to have a look at http://brockallen.com/2012/06/11/cookie-based-tempdata-provider/

Related

Sessions in Meteor

After a research it seems that Meteor Sessions are reset after refreshing page or opening the website in new tab, i.e. they are not usual server-side sessions but something like global javascript variables on client-side. Some people advice to use AmplifyJS, but I'm not sure that it will work like usual session in other frameworks/languages and also it is a third party library, so is there any normal way to use sessions in Meteor, i.e. keep user-specific data on server?
At this moment I'm handling that by using custom Collections, but it is not an ideal way of doing that because it is needed to remove expired values from Collection manually, which makes additional troubles.
Yes this is correct. Despite the name Session is nothing like a cookie, but just a reactive form of a variable stored in a hashmap
To keep data persistent across tabs you need to use a Collections (as this is the only way to reactively share data across tabs) - Cookies can't work because they can't be made reactive as data needs to be sent to the server to notify the client when there is a change. There really wouldn't be another way at the moment as the publish/subscribe methods can only send down data from collections at the moment.
You can use your setup you have now with your custom collection. You can use a server side cron job to remove expired data (either with Meteor.setInterval or Tom Coleman's cron.
There is a package developed just for that: https://atmospherejs.com/u2622/persistent-session
After installation you can use the following functions to set sessions which are persistent:
//store a persistent session variable which is stored across templates
Session.setPersistent(key, value);
//same as above, but automatically deletes session data when user logs out
Session.setAuth(key, value);
I've tried the package and it works like charm.

When copy the url from one browser to another browser my session data are not coming in asp.net MVC3

When i copy the URL from one browser to paste it in another browser my session data not retrieved it shows "Object reference not set to an instance of an object".
(Please note - this answer assumes you are not already using cookieless sessions)
The way sessions work in ASP.NET is that when you first access a site, a cookie-file is placed in your browsers cookie-store. The cookie contains a session ID, so the next time you access that site from that browser the ID is passed to the web-application and it knows which session-state to load.
However, each browser implements it's own cookie-store, so switching browsers means the site cannot determine your session ID.
One way to get around this is to use cookieless sessions. However, these have a number of issues relating to usability and security, so think long and hard before deciding they are for you.
Another option is to tie together your authorization and session systems. However, this is not generally recommended either.
You will not be able to access session values across multiple browsers.
Also, you should check if the value exists in Session to avoid Server Error.
if(Session["Key"] != null)
{
//Write your code here
}
else
{
//Alternative code (redirection code)
}

How can I set the view timeout?

In our JSF2 project on JBoss 7.1.1, we define a session timeout in the web.xml and it works just fine.
However, sometimes we're getting view expiration, leading to errors like this one even if the session is still alive:
javax.faces.application.ViewExpiredException: viewId:/... - View /... could
not be restored.
Where can we set the view timeout, like we did for sessions? Or is the view expiration caused by something else?
Another cause of ViewExpiredException is that too many logical views are been created in the session. The default limit is JSF implementation specific and every synchronous GET request on a particular view basically creates a new view. So, for example, when you use Mojarra (which has a default limit of 15) and start a browser session and open the same view in 16 different tabs and then submit a form in the 1st one, then you may get this exception as well. The limit is configureable with a JSF implementation specific context parameter, which is com.sun.faces.numberOfLogicalViews for Mojarra and org.apache.myfaces.NUMBER_OF_VIEWS_IN_SESSION in MyFaces (defaults to 20).
This is however a very rare real world problem. If your webapp is really designed to be used this way (e.g. a social/community site which invites to being opened in multiple tabs, such as discussion forum or Q&A), then you might consider using client side state saving instead.
See also:
javax.faces.application.ViewExpiredException: View could not be restored
com.sun.faces.numberOfViewsInSession vs com.sun.faces.numberOfLogicalViews

Is there a better way than using session variables to access an object anywhere in an application?

I am working with ASP.NET MVC 3.0. I have a page with an action link that makes appear a window in which you can adjust a certain value. Once the new value is sent to the database, an extern application deals with the value and send the result back to that database. I want the action link to be disabled while the extern application is doing her job. The page I am working on is refreshing automatically with some AJAX calls. The date when the extern application finished her last adjustment on a value is kept in the database. I first thought I could use session variables to store the date time of when the action link was pressed (because I need it through all the application) and then enable the action link when the adjust time is greater than the time when the action link was pressed, but I heard it was bad practices. Does someone have another solution?
Since you are already using the database - query the database to check the current status. If your application is restarted - a session value would be lost unless you are using a state server (ie sql server) to manage state- unless you don't care if its lost upon restart. You can use session and save yourself database calls - but the database is a bit cleaner and doesn't suffer from the same issue. If you do end up using the session, don't spread that session value all over your code, simply have a single method that reads or sets it (same with the db solution as well)

Subsonic, SharedDbConnectionScope and ApplicationState

I'm looking at using Subsonic with a multi-tenant ASP.net web application. There are multiple DB's (one per client/instance). The user logs in with a domain suffix to their username (e.g. user#tenant1, user#tenant2).
The custom membership provider will then determine which database a user is using, and authenticate against it. All user-initiated calls in the webapp will be wrapped in a SharedDbConnectionScope call, however I have a question regarding caching subsonic items.
Basically each instance will have a few records that rarely change (search options/configurations). I would like to read these in the Application_Start event, and cache them into the ApplicationState.
In the Application_Start event, it would loop over each client database, use a SharedDbConnectionScope to connect to each DB, and create these cached records (e.g. Application('tenant1_search_obj') = subsonic_object
When a user loads the search page, it would then check what domain a user is in, and then retreive that search option from the cache.
Is this feasible? I'm just concerned that if I cache an object, when I retrieve it from the application cache it won't know what connection its using, and might possibly pull in the wrong data.
I'd like to avoid putting this in the session object if possible.
it's possible, but probably not a good idea since it doesn't scale at all - you're going to pop a new connection for every single client whether they show up or not.
Maybe your best bet is to "lazy load" the setting - first hit on the search page loads the config into the cache or Application settings and there it stays.
Other than that - to answer your question it is possible. If you're using SubSonic 3, just create a new provider on the fly using ProviderFactory.GetProvider(connectionString, "System.Data.SqlClient") and then execute your stuff against it.
For SubSonic 2 - SharedConnectionScope is what you want.

Resources