When to use TempData vs Session in ASP.Net MVC
I'm trying to get the hang of the MVC framework, so bear with me.
Right now, the thing I'm using the session store for is storing the current logged-in user. My website is simple. For example, consider 3 domain objects: Person, Meeting, and File. Users can log in and view a "members only" profile of a meeting and can add files to it, or view a meeting's public "profile" if they aren't logged in.
So, from the meeting's private profile, with a logged-in user, I have an "add files" link. This link routes to FileController.Add(int meetingId). From this action, I get the meeting the user wants to add files to using the meeting ID, but after the form is posted, I still need to know which meeting the user is adding files to. That's where my question lies: should I pass the "currently interacting with" meeting through TempData, or add it to the Session store?
This is how I have the Add action set up, but it's not working:
    public ActionResult Add(int meetingId)
    {
        try
        {
            var meeting = _meetingsRepository.GetById(meetingId);
            ViewData.Model = meeting;
            TempData[TempDataKeys.CurrentMeeting] = meeting; /* add to TempData here */
        }
        catch (Exception)
        {
            TempData[TempDataKeys.ErrorMessage] = "Unable to add files to the meeting.";
            return RedirectToRoute("meetingsindex");
        }
        return View();
    }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Add(FormCollection form)
    {
        var member = Session[SessionStateKeys.Member] as Member;
        var meeting = TempData[TempDataKeys.CurrentMeeting] as Meeting; /* meeting ends up null here */
        if (member == null)
        {
            TempData[TempDataKeys.ErrorMessage] = "You must be logged in to add files to a meeting.";
            return RedirectToRoute("loginpage");
        }
        if (meeting == null)
        {
            TempData[TempDataKeys.ErrorMessage] = "An error occurred. No meeting selected.";
            return RedirectToRoute("meetingsindex");
        }
        // add files to the meeting
        TempData[TempDataKeys.Notification] = "Successfully added.";
        return RedirectToRoute("addfiles", new { meetingId = meeting.MeetingId });
    }
Edit:
Based on some of the answers, can someone provide examples of what kind of data (other than messages) should be stored in TempData vs Session?
TempData is session, so they're not entirely different. However, the distinction is easy to understand, because TempData is for redirects, and redirects only. So when you set a message in TempData and then redirect, you are using TempData correctly.
However, using Session as a kind of security is extremely dangerous. Session and Membership are entirely separate in ASP.NET. You can "steal" sessions from other users, and yes, people do attack web sites this way. So if you want to selectively stop a post of information based on whether a user is logged in, look at IsAuthenticated, and if you want to selectively show information based on what type of user is logged in, use a Role provider. Because GETs can be cached, the only way to selectively allow access to an action is in AuthorizeAttribute.
Update in response to the edited question: You have an example of using TempData in the question, namely, returning a simple error message after a failed POST. In terms of what should be stored in Session (beyond "not much"), I think of Session as a user-specific cache. Like the non-user-specific Cache, you should not put security-sensitive information there. It's a place to stick stuff which is relatively expensive to look up. For example, our Site.Master has the user's full name displayed on it. It is stored in a database, and we don't want to do a database query for every page we serve. (An installation of our application is used in a single company, so a user's full name is not considered "security-sensitive.") So if you think of Session as a cache which varies by the cookie the user has, you won't be far wrong.
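An added example, not part of the original question or answer: one way to restructure the question's Add actions along the lines the answer describes, with login enforced by AuthorizeAttribute instead of a Session entry and TempData used only for messages that cross a redirect. It assumes the form posts back to the same route so that meetingId is bound again from the URL, that GetById returns null for an unknown ID, and that forms authentication is configured; the Meeting, IMeetingsRepository and TempDataKeys definitions are hypothetical stand-ins for the question's own types.

```csharp
using System.Web.Mvc;

// Hypothetical stand-ins for the question's types, so the example is complete.
public class Meeting { public int MeetingId { get; set; } }
public interface IMeetingsRepository { Meeting GetById(int meetingId); } // assumed: null if not found
public static class TempDataKeys { public const string ErrorMessage = "ErrorMessage", Notification = "Notification"; }

// [Authorize] rejects anonymous requests before any action runs, so login state
// comes from the authentication ticket (User.Identity), not from a Session entry.
[Authorize]
public class FileController : Controller
{
    private readonly IMeetingsRepository _meetingsRepository;

    public FileController(IMeetingsRepository repository) { _meetingsRepository = repository; }

    public ActionResult Add(int meetingId)
    {
        var meeting = _meetingsRepository.GetById(meetingId);
        if (meeting == null)
        {
            // TempData used for what it is for: a message that survives one redirect.
            TempData[TempDataKeys.ErrorMessage] = "An error occurred. No meeting selected.";
            return RedirectToRoute("meetingsindex");
        }
        return View(meeting);
    }

    // The meeting is looked up again from the bound meetingId on every request
    // instead of being carried between requests in TempData or Session.
    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Add(int meetingId, FormCollection form)
    {
        var meeting = _meetingsRepository.GetById(meetingId);
        if (meeting == null)
        {
            TempData[TempDataKeys.ErrorMessage] = "An error occurred. No meeting selected.";
            return RedirectToRoute("meetingsindex");
        }
        // Add the files to the meeting here; User.Identity.Name identifies the uploader.
        TempData[TempDataKeys.Notification] = "Successfully added.";
        return RedirectToRoute("addfiles", new { meetingId = meeting.MeetingId });
    }
}
```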