I have many model classes that are mapped from/to tables using EF. Two of them are User and UserCookie, which are stored in tables Users and UserCookies.
public class User
{
public long UserId { get; set; }
public string Fullname { get; set; }
public string Email { get; set; }
(...)
}
public class UserCookie
{
public long UserCookieId { get; set; }
public long? UserId { get; set; }
public virtual User User { get; set; }
public string CookieValue { get; set; }
}
Every controller in my ASP.NET MVC application is a child (inherits) of MyController, which is like this:
public class MyController : Controller
{
protected MyDbContext dbContext;
protected UserCookie userCookie;
protected User currentUser;
protected string cookieValue;
public MyController() : base()
{
this.dbContext = new MyDbContext();
this.cookieValue = "";
this.currentUser = null;
this.userCookie = null;
}
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
HttpCookie cookie = Request.Cookies["LoginCookie"];
if (cookie != null)
{
this.cookieValue = cookie.Value;
this.userCookie = db.UserCookies.SingleOrDefault(c => c.CookieValue.Equals(cookieValue));
if (userCookie != null)
this.currentUser = userCookie.User;
}
}
protected override ViewResult View(string viewName, string masterName, object model)
{
ViewBag.CurrentUser = currentUser;
ViewBag.UserCookie = userCookie;
ViewBag.CookieValue = cookieValue;
return base.View(viewName, masterName, model);
}
}
When the user sign in successfully, I create a cookie in him with a random value, like this:
public ActionResult Login(...)
{
(...)
HttpCookie cookie = new HttpCookie("LoginCookie");
cookie.Value = Guid.NewGuid().ToString();
Response.Cookies.Add(cookie);
userCookie.User = user;
userCookie.CookieValue = cookie.Value;
db.UserCookies.Add(userCookie);
db.SaveChanges();
The problem with all this that I’ve shown is that I’m doing a request to the database in every HTTP request (that is, in every call to one of my actions).
I’m also not happy with the table UserCookies because it has to be cleaned and is not intuitive. Also the generated Guid is not safe.
I know how wrong is all this, but… I can’t figure out an elegant way of achieving the same benefits.
The main benefit of this is that I have access to currentUser in every action, so I can do stuff like this easily:
if (!currentUser.Privileges.Any(p => p.Privilege == PrivilegesEnum.Blah))
{
(...)
}
I also have access to currentUser in all of my views.
Questions:
- What is the most common way of achieving this in real professional software?
- If I wanted to use cache (like Redis), do I have to change a lot of stuff in the presented scenario?
- If I do use cache, should I store just the
userIdinstead of the entire User object?