2 // System.Web.SessionState.SessionInProcHandler
5 // Stefan Görling (stefan@gorling.se)
7 // (C) 2003 Stefan Görling
11 This is a rather lazy implementation, but it does the trick for me.
14 * Remove abandoned sessions., preferably by a worker thread sleeping most of the time.
15 * Increase session security, for example by using UserAgent i hashcode.
16 * Generate SessionID:s in a good (more random) way.
20 using System.Collections;
22 namespace System.Web.SessionState
24 // Container object, containing the current session state and when it was last accessed.
25 internal class SessionContainer
27 private HttpSessionState _state;
28 private DateTime last_access;
30 public SessionContainer (HttpSessionState state)
38 last_access = DateTime.Now;
41 public HttpSessionState SessionState {
43 //Check if we should abandon it.
44 if (_state != null && last_access.AddMinutes (_state.Timeout) < DateTime.Now)
57 internal class SessionInProcHandler : ISessionHandler
59 protected Hashtable _sessionTable;
60 // The length of a session, in minutes. After this length, it's abandoned due to idle.
61 const int SESSION_LIFETIME = 45;
63 private SessionConfig config;
65 public void Dispose ()
70 public void Init (HttpApplication context, SessionConfig config)
73 _sessionTable = (Hashtable) AppDomain.CurrentDomain.GetData (".MonoSessionInProc");
74 if (_sessionTable == null)
75 _sessionTable = new Hashtable();
78 public void UpdateHandler (HttpContext context, SessionStateModule module)
82 //this is the code that actually do stuff.
83 public bool UpdateContext (HttpContext context, SessionStateModule module)
85 SessionContainer container = null;
86 string id = SessionId.Lookup (context.Request, config.CookieLess);
88 //first we try to get the cookie.
89 // if we have a cookie, we look it up in the table.
91 container = (SessionContainer) _sessionTable [id];
93 // if we have a session, and it is not expired, set isNew to false and return it.
94 if (container!=null && container.SessionState!=null && !container.SessionState.IsAbandoned) {
95 // Can we do this? It feels safe, but what do I know.
96 container.SessionState.IsNewSession = false;
97 // update the timestamp.
99 // Can we do this? It feels safe, but what do I know.
100 context.SetSession (container.SessionState);
101 return false; // and we're done
102 } else if(container!=null) {
103 _sessionTable.Remove (id);
107 // else we create a new session.
108 string sessionID = SessionId.Create (module.Rng);
109 container = new SessionContainer (new HttpSessionState (sessionID, // unique identifier
110 new SessionDictionary(), // dictionary
111 new HttpStaticObjectsCollection(),
112 SESSION_LIFETIME, //lifetime befor death.
114 false, // is cookieless
115 SessionStateMode.InProc,
117 // puts it in the table.
118 _sessionTable [sessionID]=container;
119 AppDomain.CurrentDomain.SetData (".MonoSessionInProc", _sessionTable);
122 context.SetSession (container.SessionState);
123 context.Session.IsNewSession = true;