Implementing Session in WebService
As we all know that all web applications are stateless and webServices are no exceptions.There are various techniques of state management in web applications viz
Hidden Fields
ViewState
Session
Application
Cache
HttpCookies
HttpContext
Since web services don't have any user interface we can't use Hidden fields and ViewState for maintaining state. Here in we will discuss how to maintain session in web services.
In my previous post regarding web services attributes http://www.dotnetspider.com/resources/16088-Web-Services-Attributes.aspx. I have specified what all attributes a web service can have and what is the use of each attribute. Let's talk in depth about EnableSession attribute:-
The EnableSession property is a Boolean property and allows us to enable sessions (this requires the use of the proxy object, which will be discussed in another article). Without the proxy object, this web property cannot be implemented as the property is discarded as soon as the value is assigned to it. Without a proxy object, only one request is allowed per session, and assigning a value to the property itself is a request and therefore the session is ended just after.
Now just have a look at the below code
[WebMethod]
public void SetSessionVariable(string str)
{
Session["id"] = str;
}
[WebMethod]
public string GetSessionVariable()
{
if ( Session["id"] != null )
return Session["id"].ToString();
else
return "Nothing in Session";
}
When you run this code for the first time It will give Object reference error in SetSessionVariable function since Session is not enables and thus Session object will be null.
To get around this issue you just need to tweak the WebMethod attribute a bit.Append the WebMethod attributes to the functions to enable sessions.
[WebMethod(EnableSession=true)]
public void SetSessionVariable(string str)
{
Session["id"] = str;
}
[WebMethod(EnableSession=true)]
public string GetSessionVariable()
{
if ( Session["id"] != null )
return Session["id"].ToString();
else
return "Nothing in Session";
}
Now try to run this sample by writing the following code
localhost.Service obj = new localhost.Service();
obj.SetSessionVariable(“Some Value");
MessageBox.Show(obj. GetSessionVariable().ToString());
What Happened this time?Did we get the value this time round from session?What have we done wrong……………
Well the web service code is ok but since web Services are stateless where will they store the session information. System.Net.CookieContainer class comes to the rescue.Since web services are a complete framework you will find a lot of things when you have just created them by writing a simple function one og the things is a CookieContainer property.Yeah you have to set this property to get the session thing working for you.
So here goes the complete code
localhost.Service obj = new localhost.Service();
System.Net.CookieContainer container= new System.Net.CookieContainer();
obj.CookieContainer=container;
obj.SetSessionVariable(“Some Value");//Sets value in session
MessageBox.Show(obj. GetSessionVariable().ToString());//Retrieves value from Session
Excellent article! Thanks a lot, I tried this and my application is able to mantain sessions on webservice. Please do let me know about the web service security with examples. It would be great help for me as this.