Comments (4)
I guess I could do this by having my own middleware that wraps SessionMiddleware
and only uses it when I know a session is needed (otherwise, bypass it and go directly to the next middleware).
Even so, it would be good to be able to have "session free" controllers that don't start a session. WebForms has enableSessionState
which allowed you to enable or disable session on a per-form basis, maybe MVC could have an attribute for that? I also think the session in prior versions of ASP.NET MVC isn't initialised until you explicitly use it, but I'm not 100% sure about that.
from session.
The SessionMiddleware is already designed to be lazy. See https://github.com/aspnet/Session/blob/dev/test/Microsoft.AspNet.Session.Tests/SessionTests.cs#L28. If it's failing to be lazy that's probably an issue in consumption (MVC?).
That said, your described behavior sounds bizarre, Set-Cookie and no-cache should only be set on responses that didn't have the request cookie to begin with (and only if session was actually written to). Even if session weren't lazy, it shouldn't write the cookie to every response.
from session.
If it's failing to be lazy that's probably an issue in consumption (MVC?).
I'm also using identity/authentication, so it might be something in that middleware. I'll do some investigation and close this out if the issue is elsewhere.
Even if session weren't lazy, it shouldn't write the cookie to every response.
Sure, but after the cookie is set, it's sent in every request from then onwards (via the Cookie
request header). Proxies may be set up to not cache any requests that contain a cookie, as the server-side response may vary depending on the cookie. For example, if I have an admin section that is only available when I'm logged in, I wouldn't want any of its responses to be cached at a proxy at all, just in my browser.
In my case, I'm using nginx (via Mono FastCGI for ASP.NET 4, and as a reverse proxy to Kestrel for ASP.NET 5), and I explicitly turn off caching if there's a session cookie:
map $http_cookie $logged_in {
default 0;
# Never cache responses if they have auth cookies in them
~ASPXAUTH 1;
~.MONOAUTH 1;
~.AspNet.Session 1;
}
...
# Scenarios where we don't want to cache
proxy_cache_bypass $logged_in;
proxy_no_cache $logged_in;
This is working with the current ASP.NET 4 site, as it is not setting the ASPXAUTH cookie until the session actually begins (so logged out users correctly get the cached responses). In theory (based on your comment) it should be working on the ASP.NET 5 site too, I just need to figure out what's initialising the session too early.
from session.
Okay I figured it out. MVC is setting __ControllerTempData
to an empty byte array when it loads the temp data: https://github.com/aspnet/Mvc/blob/ff6cbfd7cf93f1bb85e5a3ef24bb4c9a9d7cd38e/src/Microsoft.AspNet.Mvc.ViewFeatures/TempData/SessionStateTempDataProvider.cs#L145-L147. This means that there's always data in the session when accessing MVC TempData, and thus it always initialises it. It seems intentional based on that code. I had a TempData["message"]
in my _Layout.cshtml
.
For now I'll just get rid of TempData in my code.
from session.
Related Issues (20)
- Remove obsolete options APIs HOT 3
- Update session to configure DistributedMemoryCache options by default HOT 3
- Add logging scope for session HOT 2
- Random "Accessing expired session" warning HOT 4
- Error closing the session with .net 2.1.0-preview1 HOT 12
- Any plans for maximum session size property? HOT 2
- [1.1.4] Flaky test: SessionTests.SessionLogsCacheRefreshException HOT 6
- System.OperationCanceledException at Microsoft.Extensions.Caching.Redis.RedisCache+<RefreshAsync>d__25.MoveNext HOT 4
- cant access Session in other API HOT 5
- Error closing the session HOT 1
- [Patch 2.0.x] Downgrade cancellation logs HOT 1
- Add EventSource/EventCounter tracing and metrics for Session HOT 1
- Session does not work with Redis when the client has HTTP keep-alives disabled HOT 6
- Session cannot be re-loaded HOT 8
- Determine if the session cookie is considered essential HOT 1
- THIS ISSUE TRACKER IS CLOSED - use the Home repo issue tracker
- Session OnStart and Session OnEnd HOT 8
- How to get number of session HOT 3
- Re-initialize Session middleware from controller HOT 2
- How to add a custom session in .net core? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from session.