In ASP.NET MVC 4, I have a multipage app that does some security checking on the first page, stores the results in a Session variable, then uses OnActionExecuting on every Controller to test the Session variable as I move from page to page. One of the views uses a WebGrid with sortable columns. When I click on the column header to engage the sort, I get a call to the view's default Action, but, in OnActionExecuting, the Session variable is not there. It appears to have created a new session. My logic then treats it as a security failure.
I have not yet found where this click (to sort) is being handled, so that's my first issue - perhaps I could influence what is being passed in. Alternatively, (and ideally), there is a setting in WebGrid that I have missed that would maintain the current Session. I am away from the code at the moment, but those are the things I haven't found yet.
What I am looking for is a way to preserve the Session while using the WebGrid sortable column feature.
Additional Information: In the view, the WebGrid's <th> elements are all anchors, like <a href="/MyController?sort=MyColumnName?sortdir=ASC">
(I could use a better answer, but this worked for me)
Since the value in the heading is actually an anchor, I was able to discover that the QUERY_STRING always contains "sort=". Thus, I could at least check for this and restore the missing security variable to the Session, based on the assumption that, if I am getting this query string, the user has passed the security test before.
(filterContext.RequestContext.HttpContext.Request.Params["QUERY_STRING"].Contains("sort="))
I'm still thinking that WebGrid should not be starting a new session for me, but at least this workaround will get me going.
NOTE FOR FUTURE REFERENCE: We were using the <system.web> setting <sessionState cookieless="true">. Apparently, when WebGrid sets up its links for sorting, it does not detect that setting, thus it does not include the session id in the URL. This is why WebGrid was starting a new session for us.