How to use sessions in an ASP.NET MVC 4 application?
Solution 1
Try
//adding data to session
//assuming the method below will return list of Products
var products=Db.GetProducts();
//Store the products to a session
Session["products"]=products;
//To get what you have stored to a session
var products=Session["products"] as List<Product>;
//to clear the session value
Session["products"]=null;
Solution 2
Due to the stateless nature of the web, sessions are also an extremely useful way of persisting objects across requests by serialising them and storing them in a session.
A perfect use case of this could be if you need to access regular information across your application, to save additional database calls on each request, this data can be stored in an object and unserialised on each request, like so:
Our reusable, serializable object:
[Serializable]
public class UserProfileSessionData
{
public int UserId { get; set; }
public string EmailAddress { get; set; }
public string FullName { get; set; }
}
Use case:
public class LoginController : Controller {
[HttpPost]
public ActionResult Login(LoginModel model)
{
if (ModelState.IsValid)
{
var profileData = new UserProfileSessionData {
UserId = model.UserId,
EmailAddress = model.EmailAddress,
FullName = model.FullName
}
this.Session["UserProfile"] = profileData;
}
}
public ActionResult LoggedInStatusMessage()
{
var profileData = this.Session["UserProfile"] as UserProfileSessionData;
/* From here you could output profileData.FullName to a view and
save yourself unnecessary database calls */
}
}
Once this object has been serialised, we can use it across all controllers without needing to create it or query the database for the data contained within it again.
Inject your session object using Dependency Injection
In a ideal world you would 'program to an interface, not implementation' and inject your serializable session object into your controller using your Inversion of Control container of choice, like so (this example uses StructureMap as it's the one I'm most familiar with).
public class WebsiteRegistry : Registry
{
public WebsiteRegistry()
{
this.For<IUserProfileSessionData>().HybridHttpOrThreadLocalScoped().Use(() => GetUserProfileFromSession());
}
public static IUserProfileSessionData GetUserProfileFromSession()
{
var session = HttpContext.Current.Session;
if (session["UserProfile"] != null)
{
return session["UserProfile"] as IUserProfileSessionData;
}
/* Create new empty session object */
session["UserProfile"] = new UserProfileSessionData();
return session["UserProfile"] as IUserProfileSessionData;
}
}
You would then register this in your Global.asax.cs file.
For those that aren't familiar with injecting session objects, you can find a more in-depth blog post about the subject here.
A word of warning:
It's worth noting that sessions should be kept to a minimum, large sessions can start to cause performance issues.
It's also recommended to not store any sensitive data in them (passwords, etc).
Solution 3
This is how session state works in ASP.NET and ASP.NET MVC:
ASP.NET Session State Overview
Basically, you do this to store a value in the Session object:
Session["FirstName"] = FirstNameTextBox.Text;
To retrieve the value:
var firstName = Session["FirstName"];
Thuto Paul Gaotingwe
Updated on February 26, 2020Comments
-
Thuto Paul Gaotingwe about 4 years
I am new to ASP.NET MVC. I have used PHP before and it was easy to create a session and select user records based on the current session variables.
I have looked everywhere on the Internet for a simple step-by-step tutorial that can show me how to create and use sessions in my C# ASP.NET MVC 4 application. I want to create a session with user variables that I can access from anywhere in my controllers and be able to use the variables in my LINQ queries.
-
Thuto Paul Gaotingwe over 11 yearsThanks Jobert! u gave me an idea! just wondering though.., it's is possible to add user variables to a session during login? and also will i have access to session variables (created only once) across different controllers in my application?
-
Jobert Enamno over 11 yearsYou can store anything or any data of any type in a session. Once created you can access the value stored to it across all views and controllers. Take note also that session created is only accessible per user and per browser. Meaning the session created by User1 using Firefox cannot be accessed by the same user using IE. There are things also you should not do with session such as. DON'T store large data on it. This may slow the performance of your server. Lastly DON'T store sensitive data to a session such as Password or Credit card number
-
Thuto Paul Gaotingwe over 11 yearsThanks once more again! Where do i create it to be able to access it across different controllers?
-
Mathieu Spillebeen over 11 yearsI thought it was much more complicated, One happy developer here! thanks alot
-
Andrius Naruševičius over 10 years@JobertEnamno is it safe to store the value which comes fromWebSecurity.CurrentUserIdso it doesn't pull it from database multiple times (I found it is very costly)? -
Sangram Nandkhile about 10 yearsVery similar to the Asp.net sessions. -
Shaun314 about 10 yearsWhere would you put the class definition though? I am pretty new to everything still, but I am just curious about how other controllers will see the the class and know what it is. Do you just add it to the top of the controller? I was thinking on SessionStart in global.asax I would initialize things but maybe that's not the best way to do it. -
Joseph Woodward about 10 years@Shaun314 Ideally you'd use an IoC container to inject the object into your controller via dependency injection (see edit).
-
Bellash over 9 yearsThere is no cross controller session so when you request another controller, for example fromAccounttoHome, Session["FirstName"] is null. Developers have to create aBaseControllerand define a protected field (internal protected HttpSessionStateBase SharedSession) that may expose the sharedSessionvariable in all sub controllers(this assumes that all your app controllers inherit from theBaseController) -
Alexandr over 9 yearsUse TempData to share data between controllers gregshackles.com/asp-net-mvc-do-you-know-where-your-tempdata-is -
Akbari almost 9 yearsI'm storing some session information after logging in user using Identity 2. I'm not able to retrieve those information in other actions and controllers else than the first action that I redirect the user to. Any idea?
-
Bellash over 8 yearsThere is no cross controller session so when you request another controller, for example from
Account/LogOntoHome/Index,Session["FirstName"]isnull. Developers have to create a parent controller (BaseController) and define a protected field (internal protected HttpSessionStateBase SharedSession) that may expose the shared Session variable in all sub controllers(this assumes that all your app controllers inherit from theBaseController) -
aeliusd over 8 yearsUmm, sure there is? There's a Session variable in Controller (the base controller provided by MVC).
-
Gökçer Gökdal almost 8 yearsStoring data on static fields, especially user data like Employee name will cause severe problems in multi-user environments. When two different user logged in the system, they will see the same Employee.EmailAddress since static field on Employee is same for each instance.
-
niico over 7 years@Bellash this is completely wrong. Sessions are available across controllers I just set Session["test"] in HomeController then read it in my AccountController. -
Murphybro2 over 6 yearsSo, after creating a default ASP.NET application with individual user account authentication I don't feel I need most of the OWIN stuff. Is this a safe alternative to store whoevers logged into a site?
