I am using uploadify to upload files, they automatically post to the handler. I then modify the session in the handler that I have setup as a static property in a common class of the website. I then try to access that same session in the aspx page, and the value is null. I have a feeling this is because of cookies, but there needs to be a way to work around this without exposing the sessionid in the url.
ASHX:
public class Upload : IHttpHandler, IReadOnlySessionState, IRequiresSessionState
{
public void ProcessRequest(HttpContext context)
{
...
CMSSession.Current.UploadedFiles.Add(fileName);
}
}
Session Class:
public class CMSSession
{
public static CMSSession Current
{
get
{
CMSSession session = (CMSSession)HttpContext.Current.Session["__CMSSession__"];
if (session == null)
{
session = new CMSSession();
HttpContext.Current.Session["__CMSSession__"] = session;
}
return session;
}
}
public List<string> UploadedFiles { get; set; }
}
ASPX:
if (CMSSession.Current.UploadedFiles != null)
{
...
}
else
{
IT'S ALWAYS NULL
}
Web.Config:
<sessionState mode="InProc" cookieless="false" /> - causes session to always null in aspx when modified in ashx
<sessionState mode="InProc" cookieless="true" /> - session value is not null, but sessionid is exposed in the url
How do I access & modify the current session within the ASHX file WITHOUT changing cookieless to true and then access the session from the ASPX page?
I have tried using HttpContext and using the context passed into the ASHX...nothing works.
same as this question, but there has to be a more secure way: session set in ashx and get that session on aspx
Any ideas?
I found the answer: When the handler is being called from FLASH (like swfupload or uploadify) it does not pass the current sessionid to the handler. The handler then creates a NEW session. To fix this, do the following:
Your UI: JavaScript:
$(Selector).uploadify({
swf: 'uploadify.swf',
uploader: 'Upload.ashx?ASPSESSID=<%=Session.SessionID%>'
});
Add to: Global.asax:
void Application_BeginRequest(object sender, EventArgs e)
{
try
{
string session_param_name = "ASPSESSID";
string session_cookie_name = "ASP.NET_SESSIONID";
string session_value = Request.Form[session_param_name] ?? Request.QueryString[session_param_name];
if (session_value != null) { UpdateCookie(session_cookie_name, session_value); }
}
catch (Exception) { }
}
void UpdateCookie(string cookie_name, string cookie_value)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
if (cookie == null)
{
HttpCookie cookie1 = new HttpCookie(cookie_name, cookie_value);
Response.Cookies.Add(cookie1);
}
else
{
cookie.Value = cookie_value;
HttpContext.Current.Request.Cookies.Set(cookie);
}
}
Taken & simplified for uploadify from: http://snipplr.com/view/15180/
You may need to use an authid if using formsauthentication:
&AUTHID=<%= Request.Cookies[FormsAuthentication.FormsCookieName] == null ? "" : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>
append that to the uploader parameter in the jQuery.
Then add the following to the global:
try
{
string auth_param_name = "AUTHID";
string auth_cookie_name = FormsAuthentication.FormsCookieName;
string auth_value = Request.Form[auth_param_name] ?? Request.QueryString[auth_param_name];
if (auth_value != null) { UpdateCookie(auth_cookie_name, auth_value); }
}
catch (Exception) { }
You can now access the same session from the handler (even using the static session object I used above in the question) in IE, Chrome, FF, ect.