Home/ Questions/Q 8006771
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T17:37:23+00:00

MVC3 added a good opportunity to make sessionless controllers using [SessionState(SessionStateBehavior.Disabled)] attribute. That’s great

  • 0

MVC3 added a good opportunity to make sessionless controllers using [SessionState(SessionStateBehavior.Disabled)] attribute. That’s great but not flexible because you cannot set session state for each controller method and also you cannot enable it by condition.

Is it possible to enable session state for authenticated users only or by some other custom condition?
I.e. PHP has a great feature.
if (!isset($_SESSION)) session_start();
That would be nice to find something like that

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could override the default controller factory and more specifically the GetControllerSessionBehavior method:

    public class MyControllerFactory : DefaultControllerFactory
{
    protected override SessionStateBehavior GetControllerSessionBehavior(RequestContext requestContext, Type controllerType)
    {
        if (controllerType == null)
        {
            return SessionStateBehavior.Default;
        }

        if (requestContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // enable session if there's an authenticated user
            return SessionStateBehavior.Required;
        }

        return SessionStateBehavior.Disabled;
    }
}

    and in Application_Start replace the default controller factory with the custom one:

    ControllerBuilder.Current.SetControllerFactory(new MyControllerFactory());
    • 0