ASP.NET MVC CookieTempDataProvider: any experience? - asp.net-mvc

UPDATE: looks like I've misunderstood what TempData is for and what it isn't. It definitively shouldn't be used to "keep certain session-wide data" as I asked initially (see ASP.NET MVC TempData Is Really RedirectData why). I've modified the question accordingly.
Has anyone used CookieTempDataProvider for TempData storage? Are there any caveats to watch out for (apart from keeping the session storage small)? Any issues with using it on Web farms?

I use the CookieTempDataProvider for our production web site and it seems to be working really well. We have a 2 server web farm. The site has been live for around 6 months, and we have experienced no issues, although the site does not get a lot of traffic.
I use the CookieTempDataProvider to store status messages that are to be displayed when a view loads. For example:
User edits a form and hits the save button. This is a post.
In the POST action method, I save the data, then push a confirmation message into TempData. Then I issue a RedirectToAction, to a GET action.
In the GET action method, I retrieve the message from the TempData and put it in the ViewData. Then I do my other data stuff and return the view.
On the view I check if the model has a message, and if so, display it.
Things to note:
I am using ASP.NET MVC 1.0.
I am using MVC Futures 1.0.
The CookieTempDataProvider did not work for me as is; I had to modify the code to get it working: see this post.

Related

ASP.NET MVC Session and SessionStateBehavior

All:
I have been searching high and low for an answer to this, so forgive me if this is a dupe, I just can't seem to find the right answer.
Let's say you have an ASP.NET MVC Controller marked with the [SessionState(SessionStateBehavior.Disabled)]
attribute. Does calling actions on this controller "refresh" the session state, keeping it "alive"? Specifically, I have a AJAX request calling a controller to keep the session "alive" since the application is a single page application driven by javascript, and I don't want the users session to die, so every 30 seconds I make a call up to this controller. Similarly, would it stay alive if the controller was marked SessionStateBehavior.ReadOnly? Finally, is using an ASP.NET MVC Controller for this purpose not the best way (is there a better way)?
Thanks!
Session state will be kept alive automatically with no attributes on the action, depending on how the web.config is configured. To configure it, see here: http://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.100).aspx
A controller should be okay, but you may want to look into Web API as it'll offer a few more features in this scenario: http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api

ASP MVC vs. WebForms: using SessionState for user logon

i've a question regarding handling of user logon while porting an application to MVC:
in the "old" WebForm days, developers simply used the SessionState object to set a user to logged-on, by -for example- simply putting the userobject into the SessionState (and this userobject holds simple properties like name/lastlogon/etc.)
this stuff worked very well for us, and i've seen lots of applications doing it that way
yes, i know there is this MembershipProvide-thingy, but i've never used it
Now, in MVC, everybody tells me that "using SessionStat for this is bad" and "apps built that way are flawed in design" and that "there are tons of security risks" and so on.
I've used this method because it worked for the app very reliable, it was simple to implement and it covered all stuff we need.
(Sure, there is the thing with recycling web worker process and emptying the session - but thats not a problem in our case, since the app runs for each country on a dedicated machine)
I've read tutorials, telling me to put that stuff in the DB and -attention- doing a request to the DB to check if the user is logged in, per EACH request? But: Under no circumstances, this is a doable way since i want to keep DB requests on a minimum.
So my question is:
A) whats wrong using this way also in the new MVC app?
B) whats the best way to handle this scenario in a newly built MVC app?
Regarding the session-in-DB-idea: instead of doing this, i'd rater setup an additional service, like a "session-manager" thats get query over the network, but such simple requests should not go to the DB - isn't that a good idea?
Any idea, hint /etc. is highly appreciated since this scenario is really confusing me :-X
A)
A fundamental principal of the asp.net mvc framework is that its stateless. Data is passed around using http requests and sent to the views in viewmodels. Web forms tried to maintain state with viewstate etc thats why you would have seen the logged in user in session approach. Thats not to say session shouldnt be used completely in asp.net mvc, there are some circumstances when it can be useful. Like maintaining a 3 step form process that has to be persisted on the last step. But generally we already have a recommended way to handle the user logins, and thats forms authentication
B)
For accessing the user object, you can create a custom identity implementing the IPrincipal interface and add the required user fields you need. Then set the custom identity in a global filter and access it in your action results. Regarding not wanting to query the database for every request, why dont you just call it for the initial request, then cache the result until the user is updated where you then can reload the object and set it in the custom identity again.

Do a full non-ajax post from a partial view in asp.net mvc

This more of an out of interest question than an urgently need an answer one, but I have been trying to find a good example of how to deal with a full postback from a partial view in asp.net MVC. The obvious example is the case where you have a small login form on every page. You can easily accomplish this through an asynchronous post back using jquery, but I am wondering if there is a way to do it without the use of javascript. I know it may be pedantic, but I don't like the idea of assuming the client has javascript enabled, particularly in this day and age where responsive design/ progressive enhacements are the big buzzwords around, so having you log in tied to javascript means that anyone on a simple mobile device won't be able to use it since their device probably won't support it.
Anyone have any ideas / examples of how to accomplish this? It's such a simple thing to implement in web forms I can't believe it's as tricky as I've heard it made out to be in MVC.
You just need a form within the view, that's all. The form will POST to its controller action method and generate a full page refresh (if that's what you mean by a full postback - I guess it is) irrespective of whether its a partial or not.
You can have multiple forms on a MVC view, and each one of them will give you a full page refresh, whereas with WebForms the pattern was one main form per page.

Asp Net MVC 3 - Moving through Actions and Views, SessionState

How can I keep some values between different Views in MVC 3?
I tried using TempData and HiddenField to keep these values but in our hosting this tecnique seems to have short life so exceptions are coming out furthermore if user uses Back button every starts to fail.
I would like to understand the better way to keep values between views in MVC 3, thanks in advice!
By design, MVC3 TempData values are removed after they are used.
The most simple answer is to use the Session object directly in your controllers.
There are other related questions with detailed answers such as these:
Session variables in ASP.NET MVC
Asp.Net MVC and Session
Your question is about the lifecycle of objects in between requests. It's important to understand that webapplications are used over the HTTP(S) protocol which is a stateless protocol. This means that every request is a completely new request for the webserver and there's no state shared between requests.
However it would be foolish to send the credentials of a user to the server each and every time so a webserver can create a thing they call a Session (and session-state). This object is an object that remains available for the lifetime of the session of the current user (most of the times from logging in until logging out). You can use this object to store items that you wish to share over various requests of the same user.
If the values you're trying to keep are specific to the page you can probably use a hidden field or something like that. However if the data is more related to the user than to a specific page and it must have a lifecycle longer than a single request then sessionstate is the best place to store the data.
You could use the Session (as you mention in your title and tags). Or store a cookie on the user's machine

Is there an equivalent of JSF #ViewScope in ASP MVC?

In the application I'm developing in ASP MVC 3 I have the following scenario. I have some properties of the model that I wanna use after the page makes a request, however when the post request is done they arrive as null since they are not bound to any control in the view form.
For what I've read this is the expected behaviour of ASP MVC and people recommend to use a #Html.HiddenFor() to be able to receive them, but I don't want this information to be available to user in case he selects "View source" from the browser.
In JSF I remember that you could use the #ViewScope annotation for this scenario, but is there something similar in ASP MVC? For what I've read saving them in the ViewData property will not work either and I do not want to use the Session because this properties will only be relevant in this particular view.
If I understand your question correctly, you may be looking for something like TempData.
You can read about it here:
http://blogs.teamb.com/craigstuntz/2009/01/23/37947/
A more recent post can be found here:
http://codeoverload.wordpress.com/2011/05/29/controller-tempdata-in-asp-net-mvc-3/

Resources