This is a memory leak. Use the HttpContext.Current.Items for this.
On Sat, Sep 27, 2008 at 3:13 AM, Will Shaver <[EMAIL PROTECTED]> wrote: > Don't know about storing an arbitrary set of data in an ISession... but why > not do this: > > IDictionary<ISession,ExecutingUser> executingUsers = new > Dictionary<ISession,ExecutingUser>(); > ... > Just be sure to pull them out when you close the sessions... > > > > > On Fri, Sep 26, 2008 at 4:58 PM, MAMMON <[EMAIL PROTECTED]> wrote: > >> >> In ASP.NET <http://asp.net/> there are various places you can arbitrarily >> store items. >> HttpContext.Current.Items, Page.Session (HttpSessionState), >> Control.ViewState (StateBag), etc. >> >> We have an NHibernate-based ASP.NET <http://asp.net/> ordering system >> we've recently >> launched in our company. We have a singleton class that is the entry >> point to the data access layer, through which we get the current >> ISession. >> >> Because the DAL class is a singleton, the instance is static, so there >> is only 1 instance in the aspnet_wp.exe, and it is shared by all users >> of the system. Each user, however, gets their own ISession object >> through the ISessionFactory. >> >> I recently discovered a big design flaw in our system. Our singleton >> (single static instance) DAL class has an "ExecutingUser" property >> that contains the credentials of the currently executing user, so that >> when methods are called in the data access layer, we can determine the >> calling user's permissions. Because the single DAL instance is shared >> by all users, this is very bad. DAL.ExecutingUser may be set to user >> A, but before user A makes a call that is sensitive to his >> permissions, user B signs on the system, and the DAL.ExecutingUser >> value gets overwritten with B's credentials. >> >> My question is, is there a way to arbitrarily store items in the >> ISession? Some kind of bag or dictionary where I can store items by >> key? I'd like to store the "ExecutingUser" value in each ISession, so >> that it can easily be set from the ASP.NET <http://asp.net/> application, >> yet easily >> retrieved from the data access layer code, and have it be unique to >> each user that is using the web app. >> >> >> >> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
