I am in the process of re-developing a ASP.NET web forms application to an ASP.NET MVC application. I'm also an MVC newbie, so
bare bear with me!
One area that I'm unsure about is how to handle settings that are unique to each session. I have played with a custom membership provider but I don't think this will work for my application. The web forms application used the session to store settings:
- User accessed site: windows logon checked, if matched a record in the DB then the user was logged on, otherwise redirected to logon form. Users information stored in a CurrentUser session variable. This session variable is accessed to determine what can / can not be seen on some pages depending on their user level.
- User would be presented with 'default' filtering / sorting of items on the homepage. When filter/sort was changed, the changes were stored in the session variable. If the user navigated away from the homepage and then returned the values in the session were used to display the homepage as they left it.
- More than one user could log on with the same credentials - i.e. 'generic' logons were being used.
All the MVC documentation would seem to suggest that the use of the session object should be avoided (we should be stateless). If I use a custom membership provider to store user filters/sort orders then won't it effect ALL users using the credentials?
What is the 'correct' MVC way to handle this scenario?
Thanks for any help!
<Aman.A>fixed a pretty scary typo</Aman.A>