From: pbd22 on
Hi.

I have some questions about session management.

I have decided to use a custom session manager class to have more
control over session state in my web site. I have started out by using
Stefan Prodan's Session Class here:

http://stefanprodan.spaces.live.com/?_c11_BlogPart_BlogPart=blogview&_c=BlogPart&partqs=cat%3DC%2523

You'll need to take a look (which I appreciate immensely) to get a
sense of what I am talking about.

1) My first question pertains to how I persist and access my session
information after a user authenticates (or doesn't). In his example,
sessions are created upon login / authentication as such:

    // Create new instance of session manager
    SessionManager<WorkbookProfile> sessionManager =
        new SessionManager<WorkbookProfile>(10);

    // Register timeout event
    sessionManager.OnEntryTimeout +=
        new SessionEntryTimeoutDelegate<WorkbookProfile>(sessionManager_OnEntryTimeout);

    // Get the user's profile
    UserProfile profile =
        UserProfile.GetUserProfile(_membership.GetUserNameByEmail(Login1.UserName));

    // Log profile & start session
    sessionManager.startSession(ref profile);

    // Store on the session a user's object
    sessionManager.SetData("MyData", "UserObject", user.SessionId);

OK, I understand the above code. What I don't completely understand is
how I can access session information as users interact with the
system. For example, take the below code:

    public partial class MyClass : System.Web.UI.Page
    {
        private UserProfile _profile;
        private SessionManager<UserProfile> _session;

        protected void Page_PreInit(object sender, EventArgs e)
        {
            _session = new SessionManager<UserProfile>(10);
        }

        protected void Page_Load(object sender, EventArgs e)
        {
            string UserName = sessionManager[profile.SessionId].UserName;

            _profile = UserProfile.GetUserProfile(UserName);
        }
    }

In the above code I need to pass the user's UserName to the
GetUserProfile method in order to create an instance of the
authenticated user's profile. But, I need to have the profile object
to access the SessionId. Sort of a Catch 22. What am I doing wrong
here? How should I be accessing session and profile information for
each new page the user visits?

2) The importance of the database when using sessions?

My second question relates to the use of the DB with sessions. In
Stefan's class, all session information is stored in a session object
that persists as long as the user is authenticated. But, in other
online reading, I have seen examples where programmers store session
keys in a table in association with fk_profileid. What is the purpose
of this? What is the best practice?

Thanks for your time.
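
Added example, not part of the original post and not Stefan Prodan's SessionManager API: one way out of the circular dependency in question 1 is to take the session id from what the client presents (for instance a cookie) and resolve it against a single application-wide store, which then yields the user name. The type names, the in-memory dictionary (standing in for the session-key table from question 2) and the sample user are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical types for illustration; not the SessionManager<T> API from the post.
public sealed class SessionEntry { public string UserName; public DateTime ExpiresUtc; }

public sealed class SessionStore
{
    private readonly ConcurrentDictionary<string, SessionEntry> _entries =
        new ConcurrentDictionary<string, SessionEntry>();
    private readonly TimeSpan _timeout;
    public SessionStore(TimeSpan timeout) { _timeout = timeout; }

    // Called once, after authentication succeeds. The caller sends the returned id to the browser.
    public string Start(string userName)
    {
        byte[] raw = new byte[32];                                  // 256 bits from a CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string id = BitConverter.ToString(raw).Replace("-", "");    // hex, safe in a cookie
        _entries[id] = new SessionEntry { UserName = userName, ExpiresUtc = DateTime.UtcNow + _timeout };
        return id;
    }

    // Called on every later request with the id the client presented.
    // Returns null for unknown or expired ids; the caller treats that as "not logged in".
    public string Resolve(string idFromClient)
    {
        SessionEntry e;
        if (string.IsNullOrEmpty(idFromClient) || !_entries.TryGetValue(idFromClient, out e))
            return null;
        if (e.ExpiresUtc <= DateTime.UtcNow)
        {
            _entries.TryRemove(idFromClient, out e);                // drop the stale entry
            return null;
        }
        return e.UserName;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new SessionStore(TimeSpan.FromMinutes(10));     // one shared instance
        string cookieValue = store.Start("alice@example.test");     // constructed sample user
        Console.WriteLine(store.Resolve(cookieValue) ?? "(no session)");
        Console.WriteLine(store.Resolve("not-a-real-id") ?? "(no session)");
    }
}
```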