Sir Thomas - 50 - Oct 5, 2014

Question about loading AuthUserSessions from a Db. I want to persist sessions between application restarts, and I cannot change the CacheClient from MemoryCache for different reasons.

Right now I have a custom auth provider doing minor stuff on authenticate (loading roles, etc) and also does a Db.Save<CustomAuthSession>().  On application start, I do a ResolveService<CustomSessionService> and trigger a Reload.  Loads sessions from db, check expiration, and then do a IsAuthenticated = true and this.SaveSession( ).

This doesn’t seem to work if I load the sessions automatically on startup (after the apphost.start).  But, if I trigger the reload request via  Chrome once it’s running (/api/reloadsessions), then it works.

I think it’s something related to SessionBag being null at first.  Odd.

Any tips?

Resolving a Service outside the context of a Request (i.e. on AppStart) is the same as resolving an instance from the IOC (which is all its doing). The base.Request context will be empty, which is what contains the Session Cookies which are ids that identify the Session for the Request. Without the Cookies you have no way of knowing what Session to use.

Sir Thomas:

So where do I store/load saved sessions on startup … or alternatively (and probably better), how to intercept the RedirectIfNotAuthenticated call in Razor pages so that only on-demand, I can query for saved sessions, and load if match is found?

Can I do this through the AppHost ?


I’m not sure what you mean by loading sessions, are you talking about a particular session or all of them? The supported way sessions persist across across AppDomain restarts is to use a distributed cache which you’ve mentioned you can’t do. If you’re trying an alternative approach I’d like to see the code you’re using to see if it’s a viable solution or not. Are you just trying to pre-populate the MemoryCacheClient from an external source? If so you shouldn’t need access to the Request Context for that. As for RedirectIfNotAuthenticated it’s just an API that gets explicitly called, if you want to intercept it just call your wrapper method which does any post or pre processing? 

Sir Thomas:

I found what the issue is.  In the CredentialsAuthProvider, at the time of OnAuthenticated the ss-id is not yet known (if it is I can’t find it) and only the ss-pid is known.  I am saving to Db the session, but its Id is the “pid”.

Rather than reload all on startup, I tried altering my login page to test.  If there are both PID & ID cookie, trigger a service that finds a session by pid and if so, replace the Id of the session to the ss-id value, then do a SaveSession(  ).  Then the IsAuthenticated works.

Should be able to get this to work.  Thanks.

Sir Thomas:

Interesting:  I call RedirectIfNotAuthenticated from a public void method in my own abstract ViewPage, that inherits the Razor.ViewPage, and throws exception.

I presume it is related to execution flow being interrupted to a new page and the method doesn’t return.  Safe to ignore?

Yeah it’ll throw a StopExecutionException() which is what you can throw to prevent further execution of the Razor page. You can let it bubble/ or rethrow it.