Where best to handle per-request maintenance of external API session?

Bryan Drenner asked on September 23, 2014 20:12

For each browser session, our site maintains a session with an external e-commerce API. For each page request, our site should contact that API to check up on the status of the session. Finally, certain pages should require that the API session passes various business rules. If a rule doesn't pass, then a redirect should occur. Therefore, we need a way to specify which rules each page should check against the API session.

I can imagine a couple ways of specifying the rules that must be passed on a per-page basis:

  • Fields on a custom document type, with session maintenance triggered by CMSLoaderAttribute and some page event.
  • Properties on a web part that content editors can drop onto the page, with session maintenance triggered by its code-behind.
  • A custom configuration section / file specifying the rules on a per-URL basis, and an HTTP module to trigger session maintenance.

Would anyone recommend any of these solutions, or suggest a different solution altogether?

Recent Answers


Yehuda Lando answered on September 23, 2014 20:28

Is this dependent on what class the document is?

0 votesVote for this answer Mark as a Correct answer

Bryan Drenner answered on September 23, 2014 21:00

Yehuda, by "class" do you mean "document type"? In any case, I believe the answer is no.

However, the rules may be distinguished on a per-page-template basis. So another idea is to perform the session maintenance in a user control that gets placed on every page template, and let the user control's properties distinguish the rules for that particular page template.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on September 24, 2014 00:45

I did something like this before and simply created a custom table and whenever this authentication/session initially took place I stored a record in the custom table. Then went back to the custom table as needed to get that info and validate it against the other system.

0 votesVote for this answer Mark as a Correct answer

Bill Tran answered on September 25, 2014 18:38

I would use the webpart approach.

If the rules are basically the same for each page, then I would add code to the global application file.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.