private session createNewSession(HttpContextBase httpContext)
{
//create a new session.
//first create a new cookie.
HttpCookie cookie = new HttpCookie(SessionName);
//now create a new session and set the creation date.
session _session = new session();
_session.createDate = DateTime.Now;
_session.lastUpdate = DateTime.Now;
//create a sessionID as Guid and convert to a string to be stored in database
_session.sessionGUID = Guid.NewGuid().ToString();
_session.idIPMEvent = 3;
_session.isLoggedIn = false;
_session.idStaff = null;
_session.idCustomer = null;
//add and persist in the database.
sessions.Insert(_session);
sessions.Commit();
//add the session id to a cookie
cookie.Value = _session.sessionGUID;
cookie.Expires = DateTime.Now.AddDays(1);
httpContext.Response.Cookies.Add(cookie);
return _session;
}
public session GetSession(HttpContextBase httpContext, bool checkUser, bool checkAdmin)
{
HttpCookie cookie = httpContext.Request.Cookies.Get(SessionName);
session result;
string _sessionID;
Guid _sessionGUID;
if (cookie != null)//checks if cookie is null
{
_sessionID = cookie.Value;
if (Guid.TryParse(_sessionID, out _sessionGUID))
{
if (_sessionGUID != null)//checks if Guid is null
{
var sessionList = sessions.GetAll();
session _session = new session();
bool tryResult = false;
try //checks if Guid is in database
{
_session = sessionList.Where(s => s.sessionGUID.Contains(_sessionID)).FirstOrDefault();
tryResult = !(_session.Equals(default(session)));
}
catch (Exception e)
{
Console.WriteLine("An error occurred: '{0}'", e);
}
if (tryResult)//session found in database
{
//Redirect to login page if user is not authorized
if (checkUser || checkAdmin)
{
RedirectUser(_session, httpContext, checkAdmin);
}
cookie.Expires = DateTime.Now.AddDays(1);//update cookie expiry date
return _session;
};
}
}
}
//Session not found, create new
result = createNewSession(httpContext);
return result;
}
private void RedirectUser(session _session, HttpContextBase httpContext, bool checkAdmin)
{
bool redirectToLoginPage = false;
if (_session.idStaff == null)
{
redirectToLoginPage = true;
}
else if (checkAdmin)
{
var _user = users.GetByKey("id", _session.idStaff.Value);
if (_user.role != "Admin")
{
redirectToLoginPage = true;
}
}
if (redirectToLoginPage)
{
//Redirect to login page if user is not authorized
var _Url = httpContext.Request.Url;
string pathToLogin = _Url.Scheme + "://" + _Url.Authority +
"/Login/Login";
httpContext.Response.Redirect(pathToLogin, false);
}
}