Hello everyone,
I am totally dumbfounded. I keep getting a null reference to the
HttpContext.Current.Session object and more specifically
HttpContext.Current.Session["CslaPrincipal"]; I see this value get set, but somehow the session object is reset to null. I am using state server.
Here is my global asax code:
protected void Application_AcquireRequestState(object sender, EventArgs e)System.Security.Principal.
IPrincipal principal;Synergy.Library.Security.
SPrincipal.Logout();Csla.
ApplicationContext.User = principal;Session value is initially set in this code snippet from the index page. I have stepped throught the code and verify that these values are indeed set! However in the midst of running the application the global asax throws a null refererence exception for my HttpContext.Current.Session["CslaPrincipal"] session object.
Synergy.Library.Security.
SPrincipal.Login(user, pw);PLEASE HELP, NO IDEA OF WHERE TO EVEN LOOK REGARDING THIS PROBLEM.
What version of CSLA are you using? (there was a bug in some older versions)
Are you using IIS or Cassini for hosting? (Cassini is broken in this regard)
Are you sure Session has actually been restored by the time your code is running? In other words, are other Session variables present in Session at that time?
1) Csla 2.0
2) IIS
3) You were correct Session had not had enough time to be restored. So fixed problem in the following way in the global.asax
if (HttpContext.Current.Session == null)
{
Synergy.Library.Security.SPrincipal.Logout();
}
else
{
System.Security.Principal.IPrincipal principal;
try
{
principal = (System.Security.Principal.IPrincipal)HttpContext.Current.Session["CslaPrincipal"];
}
catch
{
principal = null;
}
}
Thanks for your help!
I'm glad you resolved the issue.
If you are actually using 2.0.0, I would recommend moving to 2.0.3, as there are some important bug fixes in those point releases. (www.lhotka.net/cslanet/download.aspx)
This issue has come up in different forms since ASP.Net 2.0 came out.
I think the real cause is that AcquireRequestState can be called multiple times for the same request!
I am not clear as to how or why this happens but depending on your environment and what 3rd party controls you use, you need to know that it can be called more than once and that sometimes the Session is not present.
I changed my code to something like this a while back:
Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.AcquireRequestState 'JF 10/26/06 - test for existenceetc.
Joe
Copyright (c) Marimer LLC