This content has been marked as final. Show 6 replies
Your server should be setting up session values on the login call, and then check thoes values are valid on all other service requests...
(bad ruby pseudo code follows..)
session[object] = User_object
if session[object] is not valid then
Thanks for the reply.
The thing is, in a .NET WebService, you cannot set any Session values (as apoosed to an .aspx page).
This is why I asked the question in the first place ;-)
I know I can use an .aspx page as a data service (post to it and read the response), but a WebService is more "elegant"...
Any other thoughts?
Just found a few articles on enabling Session in .NET WS...
Will test it and report back.
This is what I do.
At the login if all is OK I return returns a GUID, This GUID is passed to all WS calls after the login.
On the server side, I create a table with the GUID, UserID and DateTime. On every call into the WS, I check that the table contains the GUID and that the last DateTime is less than say 20min. if all OK, i update the DateTime field with now() else I simply throw an exception that is caught back in the Flex application. I also at this point delete any row with a timestamp > 20min. to keep the table small.
For testing you simply return true from the code that checks the Guid. I have been using this technique for a while and it works a treat.
All the best
Thanks for the detailed reply.
The thing is, I'm trying to avoid an extra DB query on every WS call...
I can basically send the user/pass to all WS calls instead of a GUID, but again, I then need to do some DB query...
Anyway, I found the I can add the EnableSession tag to the function declaration like :[WebMethod(EnableSession=true)] and by that enabling a session just like on an aspx page.
Haven't tested it yet to confirm the performance but I will as soon as I do.
Sounds good. Don't worry about the DB call as you can do it in one call and if your using SqlServer it's so fast you won't notice it (That is my experience anyway).
Where is the SessionState going to be held. If you store it in SqlServer then that is another db call anyway.
All lots of fun!!!!
I have written a Flex framework for integrating Flex and .Net with WS.