Out of context access to the session store
We have a fairly large deployment of StateServer for a web farm's application cache and ASP.NET session state storage. We have a complex use case we need to support, which we were told during the sales process (years ago, this project has been on hold for a time) should be possible. However, we are having trouble figuring out the specifics and can't find documentation for a few of the objects involved. Here's what we need to do:
We have a multi-user application. Sometimes, one user's action affects the stored session data for another user. For example, one user might revoke another user's access, at which time that target user's ASP.NET session state object needs to be modified to indicate their reduced permissions. So the first user needs to update the second user's session values.
We want to solve that problem sort of like this:
It seems that these are all things StateServer can do. However, when we initially tried this we got this exception:
The supplied key is for an ASP.NET session object. The NamedCache API cannot access objects of this type -- use the SessionAccessor class instead.
The SessionAccessor object seems like something we could use to solve this. However, it is undocumented or we can't find the documentation. How can we use this to:
Thanks for pointing us in the right direction!
If you have data that needs to be modified outside of a user's page request then you'll almost certainly want to move it out of session state and into a separate object that's accessed through our NamedCache API and is keyed by UserID instead of a session ID.
(I found your original list of requirements from 2015, but I don't think we realized back then that you needed to query ASP.NET session objects--the assumption was that you'd be querying cached objects that were stored via our NamedCache API.)
Anyway, you're having trouble with the query approach right now because:
Also, the ScaleOut SessionAccessor class you noted is an internal class that's really only intended to be used by our ASP.NET provider in the context of a normal web request doing session management.
So it would be tough to try to access and modify another user's session object. It could probably be accomplished with enough code and time, but it will take quite a bit of work because ASP.NET is going to fight us every inch of the way--it deliberately goes to some lengths to keep sessions isolated from each other. I'd really advise against trying it, but if it's a firm requirement then we should take this discussion off the public forum (we'll really be abusing our low-level APIs if you want to do this). Moving the data in question out of session state would be a much, much smoother implementation.
answered Dec 01, 2017 at 11:51 PM
ScaleOut Support Team ♦
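
The pattern recommended in the answer above, sketched as an added example that is not part of the original thread and is not ScaleOut's code: permissions live in a shared store keyed by UserID and are read on every request, so one user's revocation reaches another user without touching that user's session. The `InMemoryPermissionStore`, `UserPermissions` and `IsAllowed` names are hypothetical, and the in-memory dictionary is an assumption standing in for the distributed cache.

```csharp
using System;
using System.Collections.Concurrent;

// Immutable per-user record kept outside ASP.NET session state (hypothetical type).
public sealed class UserPermissions
{
    public UserPermissions(long version, string[] roles) { Version = version; Roles = roles; }
    public long Version { get; }      // incremented on every change, useful for auditing
    public string[] Roles { get; }
}

// Assumption: stand-in for a shared cache keyed by UserID. A real deployment
// would put the distributed cache client behind these same two operations.
public sealed class InMemoryPermissionStore
{
    private readonly ConcurrentDictionary<string, UserPermissions> _byUser =
        new ConcurrentDictionary<string, UserPermissions>();

    // Fail closed: a user with no record gets an empty role set.
    public UserPermissions Get(string userId) =>
        _byUser.TryGetValue(userId, out var p) ? p : new UserPermissions(0, new string[0]);

    // Atomic replace so two concurrent administrative changes cannot lose an update.
    public UserPermissions SetRoles(string userId, string[] roles) =>
        _byUser.AddOrUpdate(userId,
            key => new UserPermissions(1, roles),
            (key, old) => new UserPermissions(old.Version + 1, roles));
}

public static class Demo
{
    // Called on every request: authorization reads the shared record, never Session[...].
    static bool IsAllowed(InMemoryPermissionStore store, string userId, string role) =>
        Array.IndexOf(store.Get(userId).Roles, role) >= 0;

    public static void Main()
    {
        var store = new InMemoryPermissionStore();
        store.SetRoles("bob", new[] { "reports", "admin" });   // constructed sample data
        Console.WriteLine(IsAllowed(store, "bob", "admin"));   // Bob's request before revocation

        // Alice's request revokes Bob's admin role; Bob's session object is untouched.
        store.SetRoles("bob", new[] { "reports" });
        Console.WriteLine(IsAllowed(store, "bob", "admin"));   // Bob's next request
        Console.WriteLine(IsAllowed(store, "mallory", "admin")); // unknown user is denied
    }
}
```

Because the check runs per request against the shared record, a revocation applies on the target user's next request rather than when their session expires or is rebuilt.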