1

I am implementing a custom membership and role providers where I need to store all the role/membership information in the user's session.

I am implementing these custom providers inside a class library project (different from the website project) and need to access the session in them. The idea is to store the role/membership related information in the session after retrieving them for the first time from the database.

When I try to access the Session using 

System.Web.HttpContext.Current.Session

I get this as a null object (Object reference not set to an instance of an object.

Why is the session turning out to be null?

Moiz Tankiwala
  • 6,070
  • 7
  • 38
  • 51
  • 5
    You should be able to access the session like that, unless you're not on a web context (a separated thread for instance) – Claudio Redi Oct 29 '10 at 14:29
  • 2
    Is it the `Session` that is `null`, or the `HttpContext.Current`? If it's the Context, then your code is not running in a thread that's handling a request. – Andrew Barber Oct 29 '10 at 14:31
  • The context itself is not null. Only the session object in the context is null. – Moiz Tankiwala Oct 29 '10 at 15:15
  • The call stack shows [External Code] as the caller to this code that is trying to access the session. But, it should definitely be the web framework that is invoking that role/membership providers as the web is the only other project I have in the solution. – Moiz Tankiwala Oct 29 '10 at 15:16
  • Although the HTTPContext.Current is not null, most of its values aren't set. For HTTPContext.Current.CurrentNotification has this value {"This operation requires IIS integrated pipeline mode."} (exception). – Moiz Tankiwala Oct 29 '10 at 15:51
  • The request object (HTTPContext.Current.Request) has all the properties set correctly. – Moiz Tankiwala Oct 29 '10 at 15:53
  • The role/membership code is invoked before the page.OnPreInit – Moiz Tankiwala Oct 29 '10 at 16:03
  • After some research with my code, I realized that I should not be tapping into the session object from the membership/role provider code because this class is shared across multiple users of the web application. – Moiz Tankiwala Nov 02 '10 at 17:09

1 Answers1

0

Could be if you have sessions turned off, in a handler for example or maybe the page has a setting for not using session.

Otherwise it should normally return a session object, I have used the same solution in my own projects.

But you should always have code to test for null pointers, just in case.

Have you tested that you get a HttpContext at all?

David Mårtensson
  • 7,550
  • 4
  • 31
  • 47
  • Yes, I do get the HTTP context object and other properties do have relevant values. Just the session turns out to be null. At what point in the page life cycle does the session object becomes available? Could it be that this code is getting invoked before than? – Moiz Tankiwala Oct 29 '10 at 15:18
  • 1
    Possibly but unlikely. This page describes the page lifecycle including where HttpContext is created http://msdn.microsoft.com/en-us/library/bb470252.aspx and I cannot se where you could have code running before HttpContext is populated completely. – David Mårtensson Oct 29 '10 at 23:42