Is it safe to access asp.net session variables thr

Published 2019-01-17 07:25

Question:

Is it safe to access asp.net session variables through static properties of a static object?

Here is what I mean:

using System.Web;

public static class SessionHelper
{
    public static int Age
    {
        get
        {
            return (int)HttpContext.Current.Session["Age"];
        }

        set
        {
            HttpContext.Current.Session["Age"] = value;
        }
    }


    public static string Name
    {
        get
        {
            return (string)HttpContext.Current.Session["Name"];
        }

        set
        {
            HttpContext.Current.Session["Name"] = value;
        }
    }
}

Is it possible that userA could access userB's session data this way?

Answer 1:

Yes, that way is fine - just make sure you don't do this:

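using System.Web;
using System.Web.SessionState;

public static class SessionHelper
{
    // Captured once by the type initializer, so every later request shares this one session.
    private static HttpSessionState sess = HttpContext.Current.Session;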
    public static int Age
    {
        get
        {
            return (int)sess["Age"];
        }

        set
        {
            sess["Age"] = value;
        }
    }
}

As I've seen this way show one user's session data to another user. (Albeit in ASP.NET 1.1)
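
A self-contained console simulation of the difference described in Answer 1, added here as an example and not part of the original question or answers. FakeContext, CachedHelper, PerRequestHelper and Demo are constructed names, and a thread-static dictionary stands in for HttpContext.Current.Session. The second simulated request reads the first request's name through the cached helper, while the per-request helper returns its own value.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;

// Constructed stand-in for HttpContext.Current.Session: one dictionary per request thread.
static class FakeContext
{
    [ThreadStatic] public static Dictionary<string, object> Session;
}

// Hazardous pattern: the static constructor captures one session, then every request shares it.
static class CachedHelper
{
    private static readonly Dictionary<string, object> sess;
    static CachedHelper() { sess = FakeContext.Session; }
    public static string Name
    {
        get { return (string)sess["Name"]; }
        set { sess["Name"] = value; }
    }
}

// Safe pattern: the current request's session is resolved again on every access.
static class PerRequestHelper
{
    public static string Name
    {
        get { return (string)FakeContext.Session["Name"]; }
        set { FakeContext.Session["Name"] = value; }
    }
}

static class Demo
{
    // Simulates one request: its own thread, a fresh session, then the request's work.
    static void Request(Action work)
    {
        var t = new Thread(() => { FakeContext.Session = new Dictionary<string, object>(); work(); });
        t.Start(); t.Join();
    }
    static void Main()
    {
        Request(() => { CachedHelper.Name = "userA"; PerRequestHelper.Name = "userA"; });
        Request(() =>
        {
            PerRequestHelper.Name = "userB";
            Console.WriteLine("cached: {0}, per-request: {1}", CachedHelper.Name, PerRequestHelper.Name);
        });
    }
}
```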



Answer 2:

IMHO, this is actually a good approach. It is type safe, and adds that level of abstraction that could allow you to change things with minimal impact.

An example of something you might change: if you decided some state should move to the cache, or even the database combined with caching, these would require additional thread synchronization, but could all be handled by the internals of this class. You might consider changing the name of the class to something less session specific.

The one comment I would have on your particular example is that you should check that the Session variable is not null and either return an appropriate default, assert or raise an informative exception if it is. Just in case the property is read before it is set.



Answer 3:

In fact, here is my "base" SessionClass.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

public static class CSession
{
    private static readonly string zE = "";
    private static readonly string CrLF = Environment.NewLine;
    private static bool bStopHere = true;

    /// <summary>
    /// Get a session variable
    /// </summary>
    /// <param name="pSessionKey"></param>
    /// <returns></returns>
    public static object Get(string pSessionKey)
    {
        object t = null;
        if (HttpContext.Current.Session[pSessionKey] != null) { t = (object)HttpContext.Current.Session[pSessionKey]; }
        return t;
    }//object Get(string pSessionKey)



    /// <summary>
    /// Set a session variable
    /// </summary>
    /// <param name="pSessKey"></param>
    /// <param name="pObject"></param>
    public static void Set(string pSessKey, object pObject)
    {
        HttpContext.Current.Session.Remove(pSessKey);
        HttpContext.Current.Session.Add(pSessKey, pObject);
    }//void Set(string pSessionKey, object pObject)


    public static string GetString(string pSessKey)
    {
        string sTemp = zE;
        object t = Get(pSessKey);
        if (t != null) { sTemp = (string)t; } else { sTemp = zE; }
        return sTemp;
    }//string GetString(string pSessionKey)


    public static int GetInt(string pSessKey)
    {
        int s = 0;
        object t = Get(pSessKey);
        if (t != null) { s = (int)t; }
        return s;
    }//int GetInt(string pSessionKey)


    public static Int32 GetInt32(string pSessKey)
    {
        Int32 s = 0;
        object t = Get(pSessKey);
        if (t != null) { s = (Int32)t; }
        return s;
    }//Int32 GetInt32(string pSessionKey)


    public static bool GetBool(string pSessKey)
    {
        bool s = false;
        object t = Get(pSessKey);
        if (t != null) { s = (bool)t; }
        return s;
    }//bool GetBool(string pSessionKey)

}//static class CSession