0

I'm investigating storing TempData in a better place. There is a walkthrough for how to do that with MongoDB but the key used for storage (item.SessionIdentifier == controllerContext.HttpContext.Request.UserHostAddress, the IP address) is clearly not working because multiple users/sessions can share the same public IP.

The consequence of using the IP as the key is that multiple users will see (and delete) each others data. In particular, during testing on your dev machine all sessions and browser instances will share the same temp data.

What would be a good key to use for TempData storage in some database?

boot4life
  • 4,966
  • 7
  • 25
  • 47

1 Answers1

0

Instead of assigning to tempdata directly call below method when ever assigning to object 

public static string GetVisitorIPAddress(bool GetLan = false)
        {
            string visitorIPAddress = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

            if (String.IsNullOrEmpty(visitorIPAddress))
                visitorIPAddress = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];

            if (string.IsNullOrEmpty(visitorIPAddress))
                visitorIPAddress = HttpContext.Current.Request.UserHostAddress;

            if (string.IsNullOrEmpty(visitorIPAddress) || visitorIPAddress.Trim() == "::1")
            {
                GetLan = true;
                visitorIPAddress = string.Empty;
            }

            if (GetLan && string.IsNullOrEmpty(visitorIPAddress))
            {
                //This is for Local(LAN) Connected ID Address
                string stringHostName = Dns.GetHostName();

                //Get Ip Host Entry
                IPHostEntry ipHostEntries = Dns.GetHostEntry(stringHostName);

                //Get Ip Address From The Ip Host Entry Address List
                IPAddress[] arrIpAddress = ipHostEntries.AddressList;

                try
                {
                    visitorIPAddress = arrIpAddress[arrIpAddress.Length - 2].ToString();
                }
                catch
                {
                    try
                    {
                        visitorIPAddress = arrIpAddress[0].ToString();
                    }
                    catch
                    {
                        try
                        {
                            arrIpAddress = Dns.GetHostAddresses(stringHostName);
                            visitorIPAddress = arrIpAddress[0].ToString();
                        }
                        catch
                        {
                            visitorIPAddress = "127.0.0.1";
                        }
                    }
                }
            }

            return visitorIPAddress.Split(',')[0].Trim();
        }
Vinutha N
  • 156
  • 6
  • Multiple users can share an IP address. At the very least different browsers on the same computer do. – boot4life Apr 26 '17 at 11:43
  • TempData is session bound. respective User will only see its TempData. – Vinutha N Apr 26 '17 at 11:56
  • TempData is bound to what the provider binds it to. The MVC system cannot make the provider do anything in particular and relies on it to return the correct data for the right user/session or whatever other scope is being used (in this code the IP, not the session). – boot4life Apr 26 '17 at 12:21
  • The consequence of using the IP as the key is that multiple users will see (and delete) each others data. – boot4life Apr 26 '17 at 12:23