2 // System.Web.SessionState.SessionInProcHandler
5 // Stefan Görling (stefan@gorling.se)
7 // (C) 2003 Stefan Görling
11 This is a rather lazy implementation, but it does the trick for me.
14 * Remove abandoned sessions., preferably by a worker thread sleeping most of the time.
15 * Increase session security, for example by using UserAgent i hashcode.
16 * Generate SessionID:s in a good (more random) way.
19 using System.Collections;
21 namespace System.Web.SessionState
23 // Container object, containing the current session state and when it was last accessed.
24 public class SessionContainer
26 private HttpSessionState _state;
27 private long _last_access;
29 public SessionContainer (HttpSessionState state)
37 _last_access = DateTime.Now.Millisecond;
40 public HttpSessionState SessionState {
42 //Check if we should abandon it.
44 (DateTime.Now.Millisecond - _last_access) > (_state.Timeout * 60 * 1000))
57 public class SessionInProcHandler : ISessionHandler
59 protected Hashtable _sessionTable;
60 const string COOKIE_NAME = "ASPSESSION"; // The name of the cookie.
61 // The length of a session, in minutes. After this length, it's abandoned due to idle.
62 const int SESSION_LIFETIME = 45;
64 public void Dispose ()
69 public void Init (HttpApplication context)
71 _sessionTable = new Hashtable();
75 //this is the code that actually do stuff.
76 public void UpdateContext (HttpContext context)
78 SessionContainer container = null;
80 //first we try to get the cookie.
81 // if we have a cookie, we look it up in the table.
82 if (context.Request.Cookies [COOKIE_NAME] != null) {
83 container = (SessionContainer) _sessionTable [context.Request.Cookies [COOKIE_NAME].Value];
85 // if we have a session, and it is not expired, set isNew to false and return it.
86 if (container!=null && container.SessionState!=null && !container.SessionState.IsAbandoned) {
87 // Can we do this? It feels safe, but what do I know.
88 container.SessionState.IsNewSession = false;
89 // update the timestamp.
91 // Can we do this? It feels safe, but what do I know.
92 context.Session = container.SessionState;
93 return; // and we're done
94 } else if(container!=null) {
95 //A empty or expired session, lets kill it.
96 _sessionTable[context.Request.Cookies[COOKIE_NAME]]=null;
100 // else we create a new session.
101 string sessionID = System.Guid.NewGuid ().ToString ();
102 container = new SessionContainer (new HttpSessionState (sessionID, // unique identifier
103 new SessionDictionary(), // dictionary
104 new HttpStaticObjectsCollection(),
105 SESSION_LIFETIME, //lifetime befor death.
107 false, // is cookieless
108 SessionStateMode.InProc,
110 // puts it in the table.
111 _sessionTable [sessionID]=container;
114 context.Session = container.SessionState;
117 // sets the session cookie. We're assuming that session scope is the default mode.
118 context.Response.AppendCookie (new HttpCookie (COOKIE_NAME,sessionID));