2 // System.Web.SessionState.SessionInProcHandler
5 // Stefan Görling (stefan@gorling.se)
7 // (C) 2003 Stefan Görling
11 This is a rather lazy implementation, but it does the trick for me.
14 * Remove abandoned sessions., preferably by a worker thread sleeping most of the time.
15 * Increase session security, for example by using UserAgent i hashcode.
19 using System.Collections;
21 namespace System.Web.SessionState
23 // Container object, containing the current session state and when it was last accessed.
24 internal class SessionContainer
26 private HttpSessionState _state;
27 private DateTime last_access;
29 public SessionContainer (HttpSessionState state)
37 last_access = DateTime.Now;
40 public HttpSessionState SessionState {
42 //Check if we should abandon it.
43 if (_state != null && last_access.AddMinutes (_state.Timeout) < DateTime.Now)
56 internal class SessionInProcHandler : ISessionHandler
58 protected Hashtable _sessionTable;
59 // The length of a session, in minutes. After this length, it's abandoned due to idle.
60 const int SESSION_LIFETIME = 45;
62 private SessionConfig config;
64 public void Dispose ()
69 public void Init (HttpApplication context, SessionConfig config)
72 _sessionTable = (Hashtable) AppDomain.CurrentDomain.GetData (".MonoSessionInProc");
73 if (_sessionTable == null)
74 _sessionTable = new Hashtable();
77 public void UpdateHandler (HttpContext context, SessionStateModule module)
81 //this is the code that actually do stuff.
82 public bool UpdateContext (HttpContext context, SessionStateModule module)
84 SessionContainer container = null;
85 string id = SessionId.Lookup (context.Request, config.CookieLess);
87 //first we try to get the cookie.
88 // if we have a cookie, we look it up in the table.
90 container = (SessionContainer) _sessionTable [id];
92 // if we have a session, and it is not expired, set isNew to false and return it.
93 if (container!=null && container.SessionState!=null && !container.SessionState.IsAbandoned) {
94 // Can we do this? It feels safe, but what do I know.
95 container.SessionState.SetNewSession (false);
96 // update the timestamp.
98 // Can we do this? It feels safe, but what do I know.
99 context.SetSession (container.SessionState);
100 return false; // and we're done
101 } else if(container!=null) {
102 _sessionTable.Remove (id);
106 // else we create a new session.
107 string sessionID = SessionId.Create (module.Rng);
108 container = new SessionContainer (new HttpSessionState (sessionID, // unique identifier
109 new SessionDictionary(), // dictionary
110 HttpApplicationFactory.ApplicationState.SessionObjects,
111 SESSION_LIFETIME, //lifetime befor death.
113 false, // is cookieless
114 SessionStateMode.InProc,
115 module.IsReadOnly)); //readonly
116 // puts it in the table.
117 _sessionTable [sessionID]=container;
118 AppDomain.CurrentDomain.SetData (".MonoSessionInProc", _sessionTable);
121 context.SetSession (container.SessionState);
122 context.Session.SetNewSession (true);