set it before accessing and write some defensive code like:
+1 to writing defensive code, but here are some thoughts.
You might want a simple programming model that leads to clean code. One way to do this is to wrap all Session variables up into type-safe properties, such as
public string UserId
{
get { return (string) Session["UserId"]; }
set { Session["UserId"] = value; }
}
Now this has no defensiveness in it, other than it throws exceptions when the Session doesn't contain the value when you try to read it, which is a defense of sorts and highlights logical and other programming/run-time errors (why are you reading from Session when it's not set? Are we defending against Session timeouts? etc.)
What this does, though, is to clean the code up tremendously. No more weird casts. All the string literals are in one place (although, to be fair, the "UserId" should probably be defined as a constant.)
Another technique that you can consider is this
public static class SessionExtensions
{
public static T GetValue<T>(this HttpSessionState session, string key, T defaultValue = default(T), bool throwException = false)
{
T value = defaultValue;
try
{
value = (T) session[key];
}
catch
{
if (throwExceptions)
throw;
}
return value;
}
}
This little helper makes it cleaner to read values and decide whether you want some choosable default value (if the item is not in the Session), or whether you want it to throw exceptions.
So you can write code such as:
// Will return the value of Session["count"] or 0
// if Session["count"] does not exist
int count = Session.GetValue<int>("count");
// Will return the value of Session["count"] or 10
// if Session["count"] does not exist
int count = Session.GetValue<int>("count",10);
// Will return the value of Session["count"] or will throw
// an exception if Session["count"] does not exist
int count = Session.GetValue<int>("count", throwException: true);
So just some ideas on how you can make your code that accesses the Session object both safer and a little easier to read.
DMW
All-Star
15943 Points
2353 Posts
Re: Session in asp.net
Mar 19, 2012 03:10 PM|LINK
+1 to writing defensive code, but here are some thoughts.
You might want a simple programming model that leads to clean code. One way to do this is to wrap all Session variables up into type-safe properties, such as
public string UserId { get { return (string) Session["UserId"]; } set { Session["UserId"] = value; } }Now this has no defensiveness in it, other than it throws exceptions when the Session doesn't contain the value when you try to read it, which is a defense of sorts and highlights logical and other programming/run-time errors (why are you reading from Session when it's not set? Are we defending against Session timeouts? etc.)
What this does, though, is to clean the code up tremendously. No more weird casts. All the string literals are in one place (although, to be fair, the "UserId" should probably be defined as a constant.)
Another technique that you can consider is this
public static class SessionExtensions { public static T GetValue<T>(this HttpSessionState session, string key, T defaultValue = default(T), bool throwException = false) { T value = defaultValue; try { value = (T) session[key]; } catch { if (throwExceptions) throw; } return value; } }This little helper makes it cleaner to read values and decide whether you want some choosable default value (if the item is not in the Session), or whether you want it to throw exceptions.
So you can write code such as:
// Will return the value of Session["count"] or 0 // if Session["count"] does not exist int count = Session.GetValue<int>("count"); // Will return the value of Session["count"] or 10 // if Session["count"] does not exist int count = Session.GetValue<int>("count",10); // Will return the value of Session["count"] or will throw // an exception if Session["count"] does not exist int count = Session.GetValue<int>("count", throwException: true);So just some ideas on how you can make your code that accesses the Session object both safer and a little easier to read.
Dave