web 2.0

How-To Ensure and Make Http Session State Read-Only

When working with Http Handlers or Http Modules, we often need to use Session State.

The simple way to make an Http Handler “SessionState enabled” is to have it implement the IRequiresSessionState interface.

MSDN :

IRequiresSessionState Interface

Specifies that the target HTTP handler requires read and write access to session-state values. This is a marker interface and has no methods.

Namespace: System.Web.SessionState
Assembly: System.Web (in System.Web.dll)

Now we want an Http Handler whose SessionState support is read-only. After a quick search of the MSDN Library, I found the IReadOnlySessionState interface.

MSDN :

IReadOnlySessionState Interface

Specifies that the target HTTP handler requires only read access to session-state values. This is a marker interface and has no methods.

Namespace: System.Web.SessionState
Assembly: System.Web (in System.Web.dll)

 

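But in fact this interface just marks HttpSessionState.IsReadOnly as “True”, and we are still able to modify Session items ... (or I missed something ..). The marker tells the session-state module how to load and lock the session for the request; it does not make the HttpSessionState collection itself reject writes, so nothing stops handler code from assigning to it.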

This is why I created a custom SessionState class called ReadOnlySessionState:

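/// <summary>
/// Read-only view over an <see cref="HttpSessionState"/>: every member that reads
/// is forwarded to the wrapped session, every member that would change the session
/// throws <see cref="NotSupportedException"/>.
/// </summary>
/// <remarks>
/// Limits of the guarantee, so that it is not relied on for more than it gives:
/// <list type="bullet">
/// <item>The indexers return the object stored in the session, not a copy. A mutable
/// object (a list, a DTO) obtained through a getter can still be modified by the
/// caller; only replacing, adding or removing session entries is blocked.</item>
/// <item>The wrapper protects only code that is handed the wrapper. Code that can
/// reach the underlying <see cref="HttpSessionState"/> directly is not restricted.</item>
/// <item><see cref="Keys"/>, <see cref="StaticObjects"/> and <see cref="SyncRoot"/>
/// hand out the wrapped session's own objects.</item>
/// </list>
/// </remarks>
public class ReadOnlySessionState : IHttpSessionState
{
    #region Private Fields

    // Wrapped session. readonly so the view cannot be re-pointed after construction.
    private readonly HttpSessionState _session;

    #endregion

    #region Constructors

    /// <summary>Wraps <paramref name="sessionState"/> in a read-only view.</summary>
    /// <param name="sessionState">The session to expose; must not be null.</param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="sessionState"/> is null. Failing here points at the real cause
    /// (no session was supplied) instead of a NullReferenceException on first use.
    /// </exception>
    public ReadOnlySessionState(HttpSessionState sessionState)
    {
        if (sessionState == null)
        {
            throw new ArgumentNullException("sessionState");
        }

        _session = sessionState;
    }

    #endregion

    #region Helpers

    // Builds the exception used by every blocked member so the message names the member.
    private static NotSupportedException ReadOnlyViolation(string member)
    {
        return new NotSupportedException(
            "Session state is read-only: " + member + " is not supported.");
    }

    #endregion

    #region IHttpSessionState Members

    /// <summary>
    /// Not supported. Abandoning cancels the whole session, which is a write just like
    /// <see cref="Clear"/> and <see cref="RemoveAll"/>; a holder of the read-only view
    /// must not be able to end the user's session.
    /// </summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void Abandon()
    {
        throw ReadOnlyViolation("Abandon");
    }

    /// <summary>Not supported: would add an entry to the session.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void Add(string name, object value)
    {
        throw ReadOnlyViolation("Add");
    }

    /// <summary>Not supported: would remove every entry from the session.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void Clear()
    {
        throw ReadOnlyViolation("Clear");
    }

    /// <summary>Gets the wrapped session's code page; setting it is not supported.</summary>
    /// <exception cref="NotSupportedException">On set.</exception>
    public int CodePage
    {
        get { return _session.CodePage; }
        set { throw ReadOnlyViolation("CodePage (set)"); }
    }

    /// <summary>Gets the wrapped session's cookie mode.</summary>
    public System.Web.HttpCookieMode CookieMode
    {
        get { return _session.CookieMode; }
    }

    /// <summary>Not supported by this wrapper.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void CopyTo(Array array, int index)
    {
        throw ReadOnlyViolation("CopyTo");
    }

    /// <summary>Gets the number of entries in the wrapped session.</summary>
    public int Count
    {
        get { return _session.Count; }
    }

    /// <summary>Returns the wrapped session's enumerator.</summary>
    public System.Collections.IEnumerator GetEnumerator()
    {
        return _session.GetEnumerator();
    }

    /// <summary>Gets the wrapped session's IsCookieless value.</summary>
    public bool IsCookieless
    {
        get { return _session.IsCookieless; }
    }

    /// <summary>Gets the wrapped session's IsNewSession value.</summary>
    public bool IsNewSession
    {
        get { return _session.IsNewSession; }
    }

    /// <summary>Always true: this view rejects writes regardless of the wrapped session's flag.</summary>
    public bool IsReadOnly
    {
        get { return true; }
    }

    /// <summary>Gets the wrapped session's IsSynchronized value.</summary>
    public bool IsSynchronized
    {
        get { return _session.IsSynchronized; }
    }

    /// <summary>Gets the wrapped session's key collection (the session's own object, not a copy).</summary>
    public System.Collections.Specialized.NameObjectCollectionBase.KeysCollection Keys
    {
        get { return _session.Keys; }
    }

    /// <summary>Gets the wrapped session's LCID; setting it is not supported.</summary>
    /// <exception cref="NotSupportedException">On set.</exception>
    public int LCID
    {
        get { return _session.LCID; }
        set { throw ReadOnlyViolation("LCID (set)"); }
    }

    /// <summary>Gets the wrapped session's state mode.</summary>
    public SessionStateMode Mode
    {
        get { return _session.Mode; }
    }

    /// <summary>Not supported: would remove an entry from the session.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void Remove(string name)
    {
        throw ReadOnlyViolation("Remove");
    }

    /// <summary>Not supported: would remove every entry from the session.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void RemoveAll()
    {
        throw ReadOnlyViolation("RemoveAll");
    }

    /// <summary>Not supported: would remove an entry from the session.</summary>
    /// <exception cref="NotSupportedException">Always.</exception>
    public void RemoveAt(int index)
    {
        throw ReadOnlyViolation("RemoveAt");
    }

    /// <summary>Gets the wrapped session's identifier.</summary>
    public string SessionID
    {
        get { return _session.SessionID; }
    }

    /// <summary>Gets the wrapped session's static objects collection (the session's own object).</summary>
    public System.Web.HttpStaticObjectsCollection StaticObjects
    {
        get { return _session.StaticObjects; }
    }

    /// <summary>Gets the wrapped session's synchronization root.</summary>
    public object SyncRoot
    {
        get { return _session.SyncRoot; }
    }

    /// <summary>Gets the wrapped session's timeout; setting it is not supported.</summary>
    /// <exception cref="NotSupportedException">On set.</exception>
    public int Timeout
    {
        get { return _session.Timeout; }
        set { throw ReadOnlyViolation("Timeout (set)"); }
    }

    /// <summary>
    /// Gets the session value at <paramref name="index"/>; assigning is not supported.
    /// The returned object is the stored instance, so mutating it changes session data.
    /// </summary>
    /// <exception cref="NotSupportedException">On set.</exception>
    public object this[int index]
    {
        get { return _session[index]; }
        set { throw ReadOnlyViolation("indexer (set)"); }
    }

    /// <summary>
    /// Gets the session value stored under <paramref name="name"/>; assigning is not supported.
    /// The returned object is the stored instance, so mutating it changes session data.
    /// </summary>
    /// <exception cref="NotSupportedException">On set.</exception>
    public object this[string name]
    {
        get { return _session[name]; }
        set { throw ReadOnlyViolation("indexer (set)"); }
    }

    #endregion
}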

Now we can use it in an Http Handler as follows:

/// <summary>
/// Sample handler that reads session state through <see cref="ReadOnlySessionState"/>.
/// It is marked with <see cref="IReadOnlySessionState"/> and exposes the session to
/// its own code only via the wrapper.
/// </summary>
/// <remarks>
/// The wrapper guards only code that goes through the <see cref="Session"/> property.
/// <c>context.Session</c> and <c>HttpContext.Current.Session</c> remain reachable and
/// writable from inside the handler, so the protection is a coding convention and
/// should be backed by review rather than treated as an enforced boundary.
/// </remarks>
public class MySessionStateReadOnlyHandler : IHttpHandler, IReadOnlySessionState
{
    /// <summary>
    /// Read-only view of the current request's session. A new wrapper is created on
    /// every access.
    /// </summary>
    protected ReadOnlySessionState Session
    {
        get
        {
            HttpSessionState liveSession = HttpContext.Current.Session;
            return new ReadOnlySessionState(liveSession);
        }
    }

    /// <summary>
    /// Demonstrates the guard: the assignment goes through the wrapper's indexer
    /// setter, which throws NotSupportedException.
    /// </summary>
    /// <param name="context">The current request context (not used by this sample).</param>
    public void ProcessRequest(HttpContext context)
    {
        const string greeting = "Hello World";

        // Will throw a NotSupportedException : Good !
        Session["MyItem"] = greeting;
    }

    /// <summary>Always false: the handler instance is not reused across requests.</summary>
    public bool IsReusable
    {
        get { return false; }
    }
}

 

Hope this helps!



Tags:

ASP.NET
