In ASP.NET there are various places you can arbitrarily store items. HttpContext.Current.Items, Page.Session (HttpSessionState), Control.ViewState (StateBag), etc.
We have an NHibernate-based ASP.NET ordering system we've recently launched in our company. We have a singleton class that is the entry point to the data access layer, through which we get the current ISession. Because the DAL class is a singleton, the instance is static, so there is only 1 instance in the aspnet_wp.exe, and it is shared by all users of the system. Each user, however, gets their own ISession object through the ISessionFactory. I recently discovered a big design flaw in our system. Our singleton (single static instance) DAL class has an "ExecutingUser" property that contains the credentials of the currently executing user, so that when methods are called in the data access layer, we can determine the calling user's permissions. Because the single DAL instance is shared by all users, this is very bad. DAL.ExecutingUser may be set to user A, but before user A makes a call that is sensitive to his permissions, user B signs on the system, and the DAL.ExecutingUser value gets overwritten with B's credentials. My question is, is there a way to arbitrarily store items in the ISession? Some kind of bag or dictionary where I can store items by key? I'd like to store the "ExecutingUser" value in each ISession, so that it can easily be set from the ASP.NET application, yet easily retrieved from the data access layer code, and have it be unique to each user that is using the web app. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
