Null value lingers in cache after Cache.Remove(key) - asp.net-mvc

I added a caching layer between my ASP.NET MVC application and database using the GetOrStore<T> cache helper below.
This includes caching users' system roles.
When I remove a cached roles object for a signed-in user via HttpRuntime.Cache.Remove(userRoleCacheKey), subsequent requests fail with a NullReferenceException because the cache helper is returning a null value for the role cache, even though the cached key should not exist and the helper should regenerate it.
It seems like the cached key lingers around with a null value. The exception won't budge until I request a role-heavy page a few seconds later.
Why is my cache breaking?
public static class CacheExtensions
{
public static T GetOrStore<T>(this Cache cache, string key, Func<T> generator)
{
var result = cache.Get(key);
if (result == null)
{
result = generator();
if (result != null) // can't store null values in cache.
{
cache[key] = result;
}
}
return (T)result;
}
}
Here is the code that fetches the user's roles and caches it:
public override string[] GetRolesForUser(string userId)
{
return HttpRuntime.Cache.GetOrStore<string[]>(
"RolesForUser[" + userId + "]",
() => Con.Query<string>("SELECT Role FROM vw_UserRoles WHERE UserId = #userId", new { userId = Guid.Parse(userId) }).ToArray());
}
where Con retrieves an open IDbConnection.

Minor issue in your code that can hide the problem from you:
if (result != null) // can't store null values in cache.
{
cache[key] = result;
}
What about else clause? The result returned anyway, even if it is null value. Throw InvalidOperationException in that case and debug your queries passed as generator parameter.

Related

Spring-session clears attributes from session after pageContext.include

I think I have come across a bug in spring-session but I just want to ask here if it really is a bug. Before I forget
https://github.com/paranoiabla/spring-session-issue.git
here's a github repository that reproduces the problem. Basically I have a 2 controllers and 2 jsps, so the flow goes like this:
User opens http://localhost:8080/ and the flow goes through HomepageController, which puts 1 attribute in the spring-session and returns the homepage.jsp which renders the session id and the number of attributes (1)
The homepage.jsp has this line inside it:
${pageContext.include("/include")}
which calls the IncludeController to be invoked.
The IncludeController finds the session from the session repository and LOGs the number of attributes (now absolutely weird they are logged as 0) and returns the include.jsp which renders both the session id and the number of session attributes (0).
The session id in both jsps is the same, but somehow after the pageContext.include call the attributes were reset to an empty map!!!
Can someone please confirm if this is a bug.
Thank you.
Problem
The problem is that when using MapSessionRepository the SessionRepositoryFilter will automatically sync the HttpSession to the Spring Session which overrides explicit use of the APIs. Specifically the following is happening:
SessionRepositoryFilter is obtaining the current Spring Session. It caches it in the HttpServletRequest to ensure that every invocation of HttpServletRequest.getSession() does not make a database call. This cached version of the Spring Session has no attributes associated with it.
The HomepageController obtains its own copy of Spring Session, modifies it, and then saves it.
The JSP flushes the response which commits the HttpServletResponse. This means we must write out the session cookie just prior to the flush being set. We also need to ensure that the session is persisted at this point because immediately afterwards the client may have access to the session id and be able to make another request. This means that the Spring Session from #1 is saved with no attributes which overrides the session saved in #2.
The IncludeController obtains the Spring Session that was saved from #3 (which has no attributes)
Solution
There are two options I see to solving this.
Use HttpSession APIs
So how would I solve this. The easiest approach is to stop using the Spring Session APIs directly. This is preferred anyways since we do not want to tie ourselves to the Spring Session APIs if possible. For example, instead of using the following:
#Controller
public class HomepageController {
#Resource(name = "sessionRepository")
private SessionRepository<ExpiringSession> sessionRepository;
#Resource(name = "sessionStrategy")
private HttpSessionStrategy sessionStrategy;
#RequestMapping(value = "/", method = RequestMethod.GET)
public String home(final Model model) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
final String sessionIds = sessionStrategy.getRequestedSessionId(request);
if (sessionIds != null) {
final ExpiringSession session = sessionRepository.getSession(sessionIds);
if (session != null) {
session.setAttribute("attr", "value");
sessionRepository.save(session);
model.addAttribute("session", session);
}
}
return "homepage";
}
}
#Controller
public class IncludeController {
private final static Logger LOG = LogManager.getLogger(IncludeController.class);
#Resource(name = "sessionRepository")
private SessionRepository<ExpiringSession> sessionRepository;
#Resource(name = "sessionStrategy")
private HttpSessionStrategy sessionStrategy;
#RequestMapping(value = "/include", method = RequestMethod.GET)
public String home(final Model model) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
final String sessionIds = sessionStrategy.getRequestedSessionId(request);
if (sessionIds != null) {
final ExpiringSession session = sessionRepository.getSession(sessionIds);
if (session != null) {
LOG.error(session.getAttributeNames().size());
model.addAttribute("session", session);
}
}
return "include";
}
}
You can simplify it using the following:
#Controller
public class HomepageController {
#RequestMapping(value = "/", method = RequestMethod.GET)
public String home(HttpServletRequest request, Model model) {
String sessionIds = request.getRequestedSessionId();
if (sessionIds != null) {
final HttpSession session = request.getSession(false);
if (session != null) {
session.setAttribute("attr", "value");
model.addAttribute("session", session);
}
}
return "homepage";
}
}
#Controller
public class IncludeController {
#RequestMapping(value = "/include", method = RequestMethod.GET)
public String home(HttpServletRequest request, final Model model) {
final String sessionIds = request.getRequestedSessionId();
if (sessionIds != null) {
final HttpSession session = request.getSession(false);
if (session != null) {
model.addAttribute("session", session);
}
}
return "include";
}
}
Use RedisOperationsSessionRepository
Of course this may be problematic in the event that we cannot use the HttpSession API directly. To handle this, you need to use a different implementation of SessionRepository. For example, another fix is to use the RedisOperationsSessionRepository. This works because it is smart enough to only update attributes that have been changed.
This means in step #3 from above, the Redis implementation will only update the last accessed time since no other attributes were updated. When the IncludeController requests the Spring Session it will still see the attribute saved in HomepageController.
So why doesn't MapSessionRepository do this? Because MapSessionRepository is based on a Map which is an all or nothing thing. When the value is placed in the map it is a single put (we cannot break that up into multiple operations).

Two checks IValidatableObject in one entity

Is the essence of Project, the creation of which is necessary to check whether there is already an entity with the same name. When editing needs such as checking, but keep in mind that the old and the new name of the entity can be matched.
You also need to display an error message. For this I use interface IValidatableObject, but do not know how to tell the Validate method the object is currently being edited or created
DbContext.ValidateEntity takes the IDictionary<Object, Object> items as the second parameter. You can pass any data there and the data you pass will be passed to IValidatableObject.Validate in the ValidationContext.Items
Assuming you refer to check EF cant do for you.
This is actually difficult to check. You are checking an entity after it has been added to the context. It should not check itself and needs to consider other items in context that are not yet saved. As well as the DB. There are several 3 combinations plus an self recognition. Record a an entity record in LOCAL when ID is blank/new ie multiple new inserts needs careful coding. (Consider using temp IDs)
the not yet saved entries should be in context
Context.Set<TPoco>().Local
and get data from DB and keep in a temp list. BUT dont put in context.
Or use a SECOND context.
var matchingSet = Context.Set<TPoco>().AsNoTracking() // not into context...
.Where(t=>t.field == somevalue).ToList();
So what about logical and actual duplicates on the DB. Logical duplicates are duplicates on a field with no unique index that from a business perspective should be unique.
If you want to check those...
You need to read the DB.... BUT if these records are currently being changed, you CAN NOT just put them into the Context. You would overwrite them.
But what if the values the logical key values have changed?
Something caused a logical dup on a record on the DB may no longer be a dup once saved or vice verse. Is that still a dup or not ?
So you need to decide how you match LOCAL versus loaded records.
Ie check LOCAL and matching DB records and decidr what to do if a record is in both, only local or only db.
LOCAL ONLY and DB Only is easy.
But in both... That is your business process decision.
Problem is solved using method ModelState.AddModelError (string, string) in actions Edit and Create.
[HttpPost]
[HandleError(View="AjaxError")]
public ActionResult Edit(ProjectsViewData data)
{
if (ModelState.IsValid)
{
if (!ContainsProject(data.CurrentObject.Name))
{
db.Projects.Attach(data.CurrentObject);
db.ObjectStateManager.ChangeObjectState(data.CurrentObject, EntityState.Modified);
db.SaveChanges();
return Projects(data);
}
else
{
int projectId = (from p in db.Projects
where p.Name == data.CurrentObject.Name
select p.ProjectID).FirstOrDefault();
if (projectId == data.CurrentObject.ProjectID)
{
db.Projects.Attach(data.CurrentObject);
db.ObjectStateManager.ChangeObjectState(data.CurrentObject, EntityState.Modified);
db.SaveChanges();
return Projects(data);
}
else
{
ModelState.AddModelError("Name", Localizer.ProjectAlreadyExists);
}
}
}
data.ObjectToEdit = data.CurrentObject;
return Projects(data);
}
[HttpPost]
[HandleError(View = "AjaxError")]
public ActionResult Create(ProjectsViewData data)
{
if (ModelState.IsValid)
{
if (!ContainsProject(data.CurrentObject.Name))
{
db.Projects.AddObject(data.CurrentObject);
db.SaveChanges();
return Projects(data);
}
else
{
ModelState.AddModelError("Name", Localizer.ProjectAlreadyExists);
}
}
data.ObjectToAdd = data.CurrentObject;
return Projects(data);
}
Helper method:
private bool ContainsProject(string projectName)
{
if (projectName != null)
{
projectName = Regex.Replace(projectName.Trim(), "\\s+", " ");
List<string> projects = new List<string>();
var projectNames = (from p in db.Projects
select p.Name.Trim()).ToList();
foreach (string p in projectNames)
{
projects.Add(Regex.Replace(p, "\\s+", " "));
}
if (projects.Contains(projectName))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}

ASP.NET MVC can't read cookies

This ought to be simple enough, although I find I can only set cookies but not read them back, despite my browser showing me the cookie.
In my HomeController I set the cookie once a user enters a valid string:
[HttpPost]
public ActionResult Index(string fMemberCode)
{
try
{
// TODO: controller-->member table module-->member data gateway-->DB
// Check member num against member table
// Return cookie if exists
// Return error if not
MembersModule membersModule = new MembersModule();
int memberId = membersModule.AuthMember(fMemberCode);
if (memberId > 0)
{
HttpCookie mCookie = new HttpCookie("MMedia");
mCookie.Value = memberId.ToString();
Response.Cookies.Add(mCookie);
}
else { }
return RedirectToAction("Index");
}
catch
{
return View();
}
}
Then later on, in a different context, the LibraryController needs to check the cookie is present:
public LibraryController()
{
// TODO
// Check member cookie present
int id = int.Parse(Request.Cookies["Media"].Value);
if (id > 0)
this.module = new LibraryModule(id);
else throw new Exception("Invalid cookie");
}
However, when stepping through the code in VS2012 when the line of execution in LibraryController reaches:
int id = int.Parse(Request.Cookies["Media"].Value);
The exception is thrown: Object reference not set to an instance of an object
You can't access the Request property in the constructor of your controller. It doesn't exist at that point in the controller life cycle.
Perhaps an action or controller filter might help you.

EntityFramework ObjectContext Refresh issue

I have DataContext.Refresh Method:
public void RefreshDataSource()
{
_entities.Refresh(RefreshMode.ClientWins,Departments);
}
And observable collection:
public ObservableCollection<Department> Departments
{
get
{
if (_departments == null && _entities != null)
{
_entities.Departments.Include("Drivers").ToArray();
_departments = new EntityObservableCollection<Department>(_entities.Departments);
}
return _departments;
}
}
If i update records outside context i see only changed records but can't see inserted and removed. Why?
Because Refresh doesn't look for new records. It takes records you already have and updates them with current values. It also probably doesn't handle deleted records especially if you use ClientWins strategy which takes your state as more important.

ASP.NET MVC - Alternative to Using Session

I have an ASP.NET MVC view that uses jquery.Uploadify to post files to one of my controllers for use in my application and one of the side effects I noticed with Uploadify is that when the Flash file Uploadify uses to submit files to the server posts to my controller it gets its own SessionID from ASP.NET. This would be fine, of course, if my Upload controller didn't use the Session to store a list of files that have been uploaded by the current user for future manipulation by my application... So given this issue, after I upload files with my View, the current user's session does not contain any of the files that were just posted.
Any suggestions on how to achieve what I want without relying on Sessions (and, preferably, without a database)?
Since Uploadify is purely a front end script, I don't understand why it would be getting a session from ASP.NET. I also don't fully understand what your particular problem is.
If your problem is that once the files are uploaded, the user can't see them on the screen, then I would suggest figuring out a method displaying the list of files that is independent of Uploadify. If it can, have it send an ID token along with the files and then grab the data needed to show the list from a database.
Maybe a static hashmap which key is the user:ip of the client?
The value will be whatever object you want to stored across the different Sessions.
One thing to cross check--did you make the session "live" by adding some data to it before going to uploadify? ASP.NET regenerates sessions until it has data in the session.
This is the solution I came up with. I haven't done much testing, but it seems to be an acceptable alternative to Session in my current scenario. I will use the Global.asax's Session_End/Session_Start to ensure rows are created and removed as needed.
public class UserTable : Dictionary<string, Dictionary<string, object>>
{
public new object this[string key]
{
get
{
object value = null;
if (HttpContext.Current != null)
{
var sessionId = HttpContext.Current.Session.SessionID;
if (ContainsKey(sessionId) && base[sessionId].ContainsKey(key))
value = base[sessionId][key];
}
else
throw new Exception("No HttpContext present.");
return value;
}
set
{
if (HttpContext.Current != null)
{
var sessionId = HttpContext.Current.Session.SessionID;
if (!ContainsKey(sessionId))
Add(sessionId, new Dictionary<string, object>());
if (!base[sessionId].ContainsKey(key))
base[sessionId].Add(key, value);
else
base[sessionId][key] = value;
}
else
throw new Exception("No HttpContext present.");
}
}
public object this[string sessionId, string key]
{
get
{
object value = null;
if (ContainsKey(sessionId) && base[sessionId].ContainsKey(key))
value = base[sessionId][key];
return value;
}
set
{
if (!ContainsKey(sessionId))
Add(sessionId, new Dictionary<string, object>());
if (!base[sessionId].ContainsKey(key))
base[sessionId].Add(key, value);
else
base[sessionId][key] = value;
}
}
public void Add(string sessionId)
{
Add(sessionId, new Dictionary<string, object>());
}
public void Add()
{
if (HttpContext.Current != null)
Add(HttpContext.Current.Session.SessionID);
else
throw new Exception("No HttpContext present.");
}
public new void Remove(string sessionId)
{
base.Remove(sessionId);
}
public void Remove()
{
if (HttpContext.Current != null)
Remove(HttpContext.Current.Session.SessionID);
else
throw new Exception("No HttpContext present.");
}
}

Resources