Perfect guys, thanks. Funny that the answer (HttpContext.Current.Items) was in my original post....I don't know why it didn't occur to me earlier.
Thanks again On Sep 27, 9:00 pm, "Ricardo Borges" <[EMAIL PROTECTED]> wrote: > You can think about values and objects in HttpContext.Current.Items > like "singleton per request/user". > > 2008/9/27 Ayende Rahien <[EMAIL PROTECTED]>: > > > This is a memory leak. > > > Use the HttpContext.Current.Items for this. > > > On Sat, Sep 27, 2008 at 3:13 AM, Will Shaver <[EMAIL PROTECTED]> wrote: > > >> Don't know about storing an arbitrary set of data in an ISession... but > >> why not do this: > > >> IDictionary<ISession,ExecutingUser> executingUsers = new > >> Dictionary<ISession,ExecutingUser>(); > >> ... > >> Just be sure to pull them out when you close the sessions... > > >> On Fri, Sep 26, 2008 at 4:58 PM, MAMMON <[EMAIL PROTECTED]> wrote: > > >>> In ASP.NET there are various places you can arbitrarily store items. > >>> HttpContext.Current.Items, Page.Session (HttpSessionState), > >>> Control.ViewState (StateBag), etc. > > >>> We have an NHibernate-based ASP.NET ordering system we've recently > >>> launched in our company. We have a singleton class that is the entry > >>> point to the data access layer, through which we get the current > >>> ISession. > > >>> Because the DAL class is a singleton, the instance is static, so there > >>> is only 1 instance in the aspnet_wp.exe, and it is shared by all users > >>> of the system. Each user, however, gets their own ISession object > >>> through the ISessionFactory. > > >>> I recently discovered a big design flaw in our system. Our singleton > >>> (single static instance) DAL class has an "ExecutingUser" property > >>> that contains the credentials of the currently executing user, so that > >>> when methods are called in the data access layer, we can determine the > >>> calling user's permissions. Because the single DAL instance is shared > >>> by all users, this is very bad. DAL.ExecutingUser may be set to user > >>> A, but before user A makes a call that is sensitive to his > >>> permissions, user B signs on the system, and the DAL.ExecutingUser > >>> value gets overwritten with B's credentials. > > >>> My question is, is there a way to arbitrarily store items in the > >>> ISession? Some kind of bag or dictionary where I can store items by > >>> key? I'd like to store the "ExecutingUser" value in each ISession, so > >>> that it can easily be set from the ASP.NET application, yet easily > >>> retrieved from the data access layer code, and have it be unique to > >>> each user that is using the web app. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
