When to use TempData vs Session in ASP.Net MVC -


i trying hang of mvc framework bear me.

right now, thing i'm using session store storing current logged in user. website simple. example, consider 3 domain objects, person, meeting, , file. users can log in , view "members only" profile of meeting , can add files it, or view meeting's public "profile" if aren't logged in.

so, meeting's private profile, logged in user, have "add files" link. link routes filecontoller.add(int meetingid). action, meeting user want add files using meeting id, after form posted, still need know meeting user adding files to. that's question lies, should pass "currently interacting with" meeting through tempdata, or add session store?

this how have add action setup, it's not working:

    public actionresult add(int meetingid)     {         try         {             var meeting = _meetingsrepository.getbyid(meetingid);             viewdata.model = meeting;             tempdata[tempdatakeys.currentmeeting] = meeting; /* add tempdata here */         }         catch (exception)         {             tempdata[tempdatakeys.errormessage] = "unable add files meeting.";             return redirecttoroute("meetingsindex");         }          return view();     }      [acceptverbs(httpverbs.post)]     public actionresult add(formcollection form)     {         var member = session[sessionstatekeys.member] member;         var meeting = tempdata[tempdatakeys.currentmeeting] meeting; /* meeting ends null here */          if (member == null)         {             tempdata[tempdatakeys.errormessage] = "you must logged in add files meeting.";             return redirecttoroute("loginpage");         }          if (meeting == null)          {             tempdata[tempdatakeys.errormessage] = "an error occurred. no meeting selected.";             return redirecttoroute("meetingsindex");         }              // add files meeting          tempdata[tempdatakeys.notification] = "successfully added.";         return redirecttoroute("addfiles", new {meetingid = meeting.meetingid}); }

edit:

based on of answers, can 1 provide examples on kind of data (other messages) should stored in tempdata vs session?

tempdata session, they're not entirely different. however, distinction easy understand, because tempdata redirects, , redirects only. when set message in tempdata , redirect, using tempdata correctly.

however, using session kind of security extremely dangerous. session , membership entirely separate in asp.net. you can "steal" sessions other users, , yes, people attack web sites way. if want selectively stop post information based on whether user logged in, @ isauthenticated, , if want selectively show information based on type of user logged in, use role provider. because gets can cached, only way selectively allow access action in authorizeattribute.

update in response edited question: have example of using tempdata in question, namely, returning simple error message after failed post. in terms of should stored in session (beyond "not much"), think of session user-specific cache. non-user-specific cache, should not put security-sensitive information there. it's place stick stuff relatively expensive up. example, our site.master has user's full name displayed on it. stored in database, , don't want database query for every page serve. (an installation of our application used in single company, user's full name not considered "security-sensitive.") if think of session cache varies cookie user has, won't far wrong.


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

jquery - javascript onscroll fade same class but with different div -

i new @ javascript , want learn new. there wrong code : why div fades @ same time. i want ask how fade different div s same class name.can me , explain me. thanks in advance. javascript: $(window).scroll(function(){ if ($( "div.fade" ).offset().top - $(window).scrolltop() <= 100){ $('.fade').addclass( "fade-in"); } else { $('.fade').removeclass("fade-in"); } }); here jsfiddle onscroll = function () { var scrolltop = $(this).scrolltop() ; $("div.fade").each(function(){ if(($(this).offset().top - scrolltop) <= 100){ $(this).toggleclass("fade-in"); } }) }
Read more