locked
Enabling Session RRS feed

  • Question

  • User1168873905 posted

    We are trying to convert an asmx web service to a Web API.  We have a custom session provider configured in our web.config file.  With our asmx webservice we add the attribute

    [WebMethod(EnableSession = true)]

    to our web method and this triggers a call to GetItem in our SessionStateStoreProvider class.  If you don't add EnableSession=true then the GetItem method is never called and HttpContext.Current.Session is null.

    Is there an equivalent attribute for a Web API?  I have tried setting [SessionState(SessionStateBehavior.Required)] on my Api Controller and also made my APIController implement IRequiresSessionState but no matter what I do I cannot get asp to trigger the GetItem method of our SessionStateStoreProvider class.  As a result HttpContext.Current.Session is always null inside of our Web Api method.

    Can anyone help me?  I am stumped.

    Thanks

    James

    Thursday, February 23, 2012 9:54 AM

Answers

  • User1779161005 posted

    Looks like this is not currently supported with the WebApi route extension APIs. The HttpHandler created from the route needs to implement IRequiresSessionState (as you noted above). For the new WebApi route extensions, they're registering the HttpControllerRouteHandler class which produces a HttpControllerHandler which does not implement IRequiresSessionState. These classes all reside in System.Web.Http.WebHost if you're interested in looking at the code yourself.

    You might be able to work around this by calling HttpContext.SetSessionStateBehavior yourself in the http pipeline (such as in Application_AcquireRequestState). I've not tried it myself, but you might be able to force/inform ASP.NET that you want session state for this HttpHandler (IOW, the WebApi HttpHandler).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 23, 2012 12:41 PM

All replies

  • User1779161005 posted

    Looks like this is not currently supported with the WebApi route extension APIs. The HttpHandler created from the route needs to implement IRequiresSessionState (as you noted above). For the new WebApi route extensions, they're registering the HttpControllerRouteHandler class which produces a HttpControllerHandler which does not implement IRequiresSessionState. These classes all reside in System.Web.Http.WebHost if you're interested in looking at the code yourself.

    You might be able to work around this by calling HttpContext.SetSessionStateBehavior yourself in the http pipeline (such as in Application_AcquireRequestState). I've not tried it myself, but you might be able to force/inform ASP.NET that you want session state for this HttpHandler (IOW, the WebApi HttpHandler).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 23, 2012 12:41 PM
  • User1168873905 posted

    Thank you very much for replying.  I tried your idea about modifying the Global.asax file to manually call SetSessionStateBehavior.  Unfortunately AcquireRequestState was too late in the pipeline, but I also tried PostAuthorizeRequest and that seems to work fine.  Here is snippet of my code in case someone else runs into the same problem.

        private const string _WebApiPrefix = "api";
        private static string _WebApiExecutionPath = String.Format("~/{0}", _WebApiPrefix);
    
        public static void RegisterRoutes(RouteCollection routes)
        {
          routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
    
          routes.MapHttpRoute(
              name: "DefaultApi",
              routeTemplate: String.Format("{0}/{{controller}}/{{id}}", _WebApiPrefix),
              defaults: new { id = RouteParameter.Optional }
          );
    
        }
    
        protected void Application_PostAuthorizeRequest()
        {
          if (IsWebApiRequest())
          {
            HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required);
          }
        }
    
        private static bool IsWebApiRequest()
        {
          return HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath.StartsWith(_WebApiExecutionPath);
        }

    Thanks again

    James

    Thursday, February 23, 2012 2:52 PM
  • User1182983767 posted

    Thank you very much for this Application_PostAuthorizeRequest() solution! It solved my ASP.NET Web API session problem too. I need to use the session in Application_AcquireRequestState().

    Sunday, March 4, 2012 11:48 PM