Don't know about storing an arbitrary set of data in an ISession... but why not do this:
IDictionary<ISession,ExecutingUser> executingUsers = new Dictionary<ISession,ExecutingUser>(); ... Just be sure to pull them out when you close the sessions... On Fri, Sep 26, 2008 at 4:58 PM, MAMMON <[EMAIL PROTECTED]> wrote: > > In ASP.NET <http://asp.net/> there are various places you can arbitrarily > store items. > HttpContext.Current.Items, Page.Session (HttpSessionState), > Control.ViewState (StateBag), etc. > > We have an NHibernate-based ASP.NET <http://asp.net/> ordering system > we've recently > launched in our company. We have a singleton class that is the entry > point to the data access layer, through which we get the current > ISession. > > Because the DAL class is a singleton, the instance is static, so there > is only 1 instance in the aspnet_wp.exe, and it is shared by all users > of the system. Each user, however, gets their own ISession object > through the ISessionFactory. > > I recently discovered a big design flaw in our system. Our singleton > (single static instance) DAL class has an "ExecutingUser" property > that contains the credentials of the currently executing user, so that > when methods are called in the data access layer, we can determine the > calling user's permissions. Because the single DAL instance is shared > by all users, this is very bad. DAL.ExecutingUser may be set to user > A, but before user A makes a call that is sensitive to his > permissions, user B signs on the system, and the DAL.ExecutingUser > value gets overwritten with B's credentials. > > My question is, is there a way to arbitrarily store items in the > ISession? Some kind of bag or dictionary where I can store items by > key? I'd like to store the "ExecutingUser" value in each ISession, so > that it can easily be set from the ASP.NET <http://asp.net/> application, > yet easily > retrieved from the data access layer code, and have it be unique to > each user that is using the web app. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
