2

Context is: I need to send the SessionID (will be encripted) to an app, then the app saves the session ID and on the next query the app sends me back the SessionID so I can use the stored Session variables.

So HttpContext.Current.Session.SessionID gives me the current SessionID.

But... how do I recover the Session based on the SessionID?

P.S. I am aware that this is a duplicate of this unanswered question: How do I get a session by SessionID in C# so as a plus if there is no way of retrieving the Session from the SessionID I would ask if there is another way to achieve that.

Community
  • 1
  • 1
Edgar Griñant
  • 599
  • 1
  • 12
  • 27
  • 1
    What do you mean, "recover"? HttpContext.Current.Session *is* the current session. – OldProgrammer Feb 16 '15 at 16:52
  • Do you mean you want to essentially cache each session? Is this WebAPI or MVC – keitn Feb 16 '15 at 16:54
  • Why can't you use HttpContext.Current.Session? – keitn Feb 16 '15 at 16:55
  • @keitn - my guess OP does not know how to send request with cookies from application (not a Web browser) and uses non-persistent session state (or one with low expiration) to retrieve session after long time. – Alexei Levenkov Feb 16 '15 at 17:00
  • session in mvc is normally implemented as cookie. Browser will send cookie back to the server in every request, asp.net will take cookie and reconstruct the session, using session id. I suggest to let the app keeps and post the cookie back to your mvc instead of using session id. – Phuong Nguyen Feb 16 '15 at 17:00
  • @AlexeiLevenkov That's correct, but doesn't need to be a long time. BTW: I am not the developer of the app – Edgar Griñant Feb 16 '15 at 17:01
  • So the app needs to get the cookie from the server and resend it. That's right? – Edgar Griñant Feb 16 '15 at 17:02
  • yes, if possible, since i'm not sure how the app and your mvc communicate with each other, using redirect?, using httpwebclient? so cannot comment much. – Phuong Nguyen Feb 16 '15 at 17:05
  • 1
    The easiest route would be to fix app to properly send cookies... Otherwise read on [customs session state provider](https://msdn.microsoft.com/en-us/library/aa478952.aspx) to hook into existing session state. – Alexei Levenkov Feb 16 '15 at 17:10
  • @AlexeiLevenkov I will try to convince our partners to control the cookies and send the cookies back to the server. Thanks! – Edgar Griñant Feb 16 '15 at 17:14
  • +1 to Alexei - if you need arguments: ASP.NET offers the whole mechanism for free (cookie as means to store session identifier between requests), not much value in reimplementing it, as long as one can stick to the convention. – Srikanth Venugopalan Feb 16 '15 at 17:17
  • I found this for you to try: "You may be able to PInvoke GetInternetCookie in order to get the ASPNET session cookie." https://stackoverflow.com/questions/1578917/is-it-possible-to-share-asp-net-session-cookies-between-ie-and-word-add-on – John Foll Apr 04 '23 at 16:55

1 Answers1

3

As far as I am aware, there is no public API available to load a session based on session ID (I have asked the question here, as well). You can hack it using reflection, but that will only work if your site is in a full trust environment and you are okay with the performance implications of using reflection.

As was pointed out in the comments, session state is normally driven by a cookie (by default named "ASP.NET_SessionId"). If you pass the cookie from the request of your "app" (which I am assuming you mean a remote application) to the server, you can then access session state simply by calling HttpContext.Current.Session on the server side. You just need to add the cookie to the headers of the request from the application for it to work.

However, I don't think session state is the persistence mechanism you are after for your scenario. Rather than dealing with cookies, it would make more sense to store your state in a persistent format such as a file or a database and use a GUID or other unique identifier to access it based on an ID passed in through the URL.

As Alexi pointed out, another possibility would be to build your own session state provider that you put your own back door into in order to access the raw data, but it will take quite a bit of work to pull that off.

Community
  • 1
  • 1
NightOwl888
  • 55,572
  • 24
  • 139
  • 212
  • Cookies are definitely the way to go. We are just a middleware between a webservice and a mobile app. Custom session state provider would be the last option but still a valid option, in fact that's the answer to my question, but I feel like cookies will make my life easier. Thanks! – Edgar Griñant Feb 17 '15 at 04:37