0

I am learning NHibernate/MVC and creating a sample app that let the user store a list of book they own. The problem i am having is that my repositories required that current login user but I dont what is the best of keeping the user details in MVC Session. I am using forms authentication.

login page

var user = userRepository.login(username,password);

Session["user"] = user;

list page

var user = Session["user"] as user;

var books = bookRepository.getByGenre("Fiction",user);

Is this the recommend way of passing instance variables between each http request?

thanks

bob223
  • 1

1 Answers1

0

The Steve Sanderson MVC book states

In ASP.NET MVC the best kind of action method is a pure function of its parameters. By this I mean that the action method reads data only from its parameters and writes data only to its parameters and does not refer to HttpContext or Session or any other state external to the controller.

I believe the recommended way is to use a custom model binder that supplies your user id from a backing store. The model binder allows you to create a controller that doesn't care where the data comes from.

A good place to start is this post

modelbinder-for-an-object-stored-in-session

Community
  • 1
  • 1
fluent
  • 2,393
  • 4
  • 22
  • 32
  • So every action in mvc will have another parameter that is the current user? Wouldn't it easier to have a global property that the control can access the user object? – bob223 Nov 02 '11 at 12:08
  • Easier yes, recommended no. I believe the idea behind extracting the session data out of the controllers is to allow for scalability and removes any assumptions that the controllers would need to make on having a global variable set. It also avoids the need to mock the http session in any unit tests. – fluent Nov 02 '11 at 12:21