public Session GetSession(int id, int userId, string username, string password, DateTime createdDate, DateTime lastActiveAt) { if (username == "") { throw new Exception("empty username"); } if (password == "") { throw new Exception("empty password"); } using (var conn = _dbConnection.GetConnection()) { var user = _userDataAccess.CheckUserCredentials(conn, id, username, password, createdDate, lastActiveAt); if (user.Password != password) { throw new Exception("wrong credentials"); } var session = _sessionDataAccess.CreateSession(conn, user.Id, userId, lastActiveAt); return(session); } }