Is it safe to use session for users' accounts?

Question
-
User-2026864067 posted
I want to differentiate users' accounts from logged user's profile. I have one view for each of them. And two controllers, one of them for logged user's account, another for other users. I used session variables for it. It works without problem. But I wonder, is it safe to use session or do you have any suggestions?
public ActionResult MainAccount(int? id)
{
    if (Session["ActiveUser"] != null)
    {
        List<User> selecteduser = _context.Users.Where(p => p.ID == id).ToList();
        // add Prod = _context.Product.Where(p=>p.User.ID == us.ID).ToList()
        var vm = new HMViewM()
        {
            homesec1 = _context.homesec1slider.ToList(),
            userr = selecteduser,
            Prod = _context.Products.Where(p => p.User.ID == id).ToList(),
            Photopr = _context.PhotoProducts.Where(ph => ph.Product.id == ph.ImageId).ToList(),
        };
        return View(vm);
    }
    return RedirectToAction("Register", "Account");
}

public ActionResult MyAccount(int? id)
{
    List<User> us = Session["ActiveUser"] as List<User>;
    var vm = new HMViewM()
    {
        homesec1 = _context.homesec1slider.ToList(),
        userr = us,
        Prod = _context.Products.Where(p => p.User.ID == id).ToList(),
        Photopr = _context.PhotoProducts.Where(ph => ph.Product.id == ph.ImageId).ToList(),
    };
    return RedirectToAction("MainAccount");
}
@using HandMShop.Models
@model HandMShop.ViewModel.HMViewM
@{
  ViewBag.Title = "MainAccount";
  Layout = "~/Views/Shared/_Layout.cshtml";
}
@foreach (User userprof in Model.userr.ToList())
{
  <section id="team" class="pb-5">
    <div class="container">
      <div class="row">
        <div class="wrapp">
          <!-- Team member -->
          <div class="col-xs-12 col-sm-6 col-md-12 ">
            <div class="image-flip" ontouchstart="this.classList.toggle('hover');">
              <div class="mainflip">
                <div class="frontside">
                  <div class="card">
                    <div class="card-body text-center">
                      @if (@userprof.Gender == "female")
                      {
                        <p><img class=" img-fluid" src="~/PublicFront/images/Busywoman.png" alt="card image"></p>
                      }
                      else
                      {
                        <p> <img src="~/PublicFront/images/executive-businessman-cartoon_18591-40407.jpg" /></p>
                      }
                      <h4 class="card-title">@userprof.FirstName @userprof.LastName</h4>
                      <p class="card-text">@userprof.AboutUser</p>
                      <a href="#" class="btn btn-primary btn-sm"><i class="fa fa-plus"></i></a>
                    </div>
                  </div>
                </div>
                <div class="backside">
                  <div class="card">
                    <div class="card-body text-center mt-4">
                      <h4 class="card-title">@userprof.FirstName @userprof.LastName , @userprof.Age</h4>
                      <p class="card-text">@userprof.AboutUser</p>
                      <ul class="list-inline list-block">
                        <li class=" "> <a class="social-icon text-xs-center" target="_blank" href="#"> <i class="fas fa-phone-volume"></i> @userprof.PhoneNumber</a></li>
                        <li class=" "> <a class="social-icon text-xs-center" target="_blank" href="#"> <i class="far fa-envelope"></i> @userprof.Email </a></li>
                        <li class=" "> <a class="social-icon text-xs-center" target="_blank" href="#"> <i class="fab fa-instagram"></i>@userprof.instagram </a></li>
                        <li class=" "> <a class="social-icon text-xs-center" target="_blank" href="#"> <i class="fas fa-map-marker-alt"></i>@userprof.CountryName,@userprof.CityName </a> </li>
                        @if (Session["ActiveUser"] != null)
                        {
                          User us = Session["ActiveUser"] as User;
                          if (us.ID == userprof.ID)
                          {
                            <li class=" "> <a class="social-icon text-xs-center" target="_blank" href="#"> <i class="fas fa-map-marker-alt"></i>Edit </a></li>
                          }
                        }
                      </ul>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          <!-- ./Team member -->
        </div>
      </div>
    </div>
  </section>
  <!--container.//-->
  <section class="page-section" id="relatedprod">
    <div class="container">
      <div class="row middle">
        <div class="col-lg-12 text-center">
          <h2 class="section-heading ">Muellifin isleri</h2>
        </div>
        @foreach (Product prd in Model.Prod.Where(i=>i.userid==userprof.ID).ToList())
        {
          <div class="col-md-4">
            <figure class="card card-product mehsul">
              @if (prd.PhotoProducts.FirstOrDefault() != null)
              {
                <div class="img-wrap"> <img class="img-fluid mehsulimg" src="@prd.PhotoProducts.First().ImageName" alt=""> </div>
              }
              else
              {
                <div class="img-wrap"> <img class="img-fluid mehsulimg" alt="No Photo Available"> </div>
              }
              <div class="handhover"> <img class="img-fluid" src="~/PublicFront/images/serv2b712.jpg" alt=""> </div>
              <figcaption class="info-wrap">
                <h4 id="" class="title DottedName">@prd.ProdName </h4>
              </figcaption>
              <div class="bottom-wrap">
                <a href="/Shop/Product/@prd.id" class="btn btn-sm btn-primary float-right">Order Now</a>
                <div class="price-wrap h5">
                  <span class="price-new">@prd.Price AZN</span>
                  <del class="price-old">$1980</del>
                </div> <!-- price-wrap.// -->
              </div> <!-- bottom-wrap.// -->
            </figure>
          </div> <!-- col // -->
        }
      </div>
    </div>
  </section>
}
public class HMViewM
{
    public List<User> userr { get; set; }
    public List<homesec1slider> homesec1 { get; set; }
    public List<Category> catg { get; set; }
    public List<Colour> colrs { get; set; }
    public List<PhotoProduct> Photopr { get; set; }
    public List<Product> Prod { get; set; }
}
Tuesday, April 21, 2020 7:56 AM
All replies
-
User-821857111 posted
It's fine to use session to store an individual user's profile. One thing that isn't clear from your code is why you are storing a List<User> in session, when a List is a collection that usually represents more than one element.
Tuesday, April 21, 2020 8:19 AM
-
User-2026864067 posted
Because userr is a List in my Viewmodel, and it showed me error here userr = us,
public List<User> userr { get; set; }
Tuesday, April 21, 2020 9:44 AM
-
User665608656 posted
Hi, Aytaj
What's your error? We cannot see your error, can you describe it in detail?
Best Regards,
YongQing.
Thursday, April 23, 2020 9:16 AM
-
User753101303 posted
Hi,
If you have an error, always tell which error you have. What I dislike for now is that you have Session["ActiveUser"] as List<User> but in your view you have Session["ActiveUser"] as User.
Pick whatever you need but IMO avoid not always storing the same type inside a single Session variable. Not directly related but:
- hiding session variables behind a strongly typed class is often convenient (intellisense, consistency, loading on demand if needed, easy to change if needed)
- I prefer to use (myType)var if I'm 100% sure about the type I want to cast to (and throw if I made a programming error). When using var as myType you'll get null if the cast is not valid and you are supposed to somewhat expect and handle that.
Browser session is fine for small amounts of data which are very frequently used. As hinted earlier I prefer to hide this behind my own class and to load values on demand (so that I'm immune to session timeout). Basically I'm using the Session as a user scoped cache.
Thursday, April 23, 2020 9:37 AM
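
One way to apply the suggestions in the last reply (a strongly typed wrapper, a hard cast, loading on demand), added here as an example and not code from any poster in the thread. `UserSession`, `Owns` and the `loadUser` delegate are hypothetical names; it assumes ASP.NET MVC 5's `HttpSessionStateBase` and keeps only the signed-in user's ID under `Session["ActiveUser"]`, so the key always holds one type.

```csharp
using System;
using System.Web;

// Hypothetical minimal shape of the question's User entity (only ID is used here).
public class User { public int ID { get; set; } }

// Hypothetical wrapper: the only code that reads or writes Session["ActiveUser"].
public class UserSession
{
    private const string Key = "ActiveUser";    // key name taken from the question
    private readonly HttpSessionStateBase _session;
    private readonly Func<int, User> _loadUser; // assumed lookup, e.g. id => _context.Users.Find(id)
    private User _cached;                       // per-request copy, never written to session

    public UserSession(HttpSessionStateBase session, Func<int, User> loadUser)
    {
        _session = session;
        _loadUser = loadUser;
    }

    // Hard cast: null when nobody is signed in, InvalidCastException if other code
    // stored a different type under the key (an "as" cast would hide that as null).
    public int? UserId { get { return (int?)_session[Key]; } }

    public void SignIn(User user) { _session[Key] = user.ID; _cached = null; }
    public void SignOut() { _session.Remove(Key); _cached = null; }

    // Loaded on demand from the data store, so the profile is never a stale session copy.
    public User CurrentUser
    {
        get
        {
            if (!UserId.HasValue) return null;
            return _cached ?? (_cached = _loadUser(UserId.Value));
        }
    }

    // Server-side ownership check: compares the requested profile id (route value)
    // with the id held in session, never with an id sent by the client.
    public bool Owns(int? profileId)
    {
        return profileId.HasValue && UserId == profileId;
    }
}
```

In a controller this would be constructed per request as `new UserSession(Session, id => _context.Users.Find(id))`, and the view's "Edit" link and any edit action would both be gated on `Owns(id)`.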