Hangfire Dashboard: Post requests have null Session.

Created on 22 Aug 2017 · 7Comments · Source: HangfireIO/Hangfire

I am using session variables for dashboard authentication. It works fine for logging in, the session variable is set. I can access the dashboard, the list of enqueued/scheduled/failed jobs, they return the session cookie to the server, but when I click on any job in them, the HttpContext.Current.Session is null.

For example: For the url: ~/job/details/225

Authorize returns false on requests generated when trying to view job details of hangfire jobs in any list.
C# public class CustomDashboardAuthFilter : IDashboardAuthorizationFilter { public bool Authorize(DashboardContext context) { if (System.Web.HttpContext.Current.Session == null) { // Session is always null for requests generated by clicking on a job return false; } //some other case: return true; } }
Hangfire.Core (1.6.14)
Hangfire.MySqlStorage (1.0.5)

Source

ab3nash

Most helpful comment

I finally made it work.
Thank you @TehIMP .

For anyone else who stumble upon this same problem,
Turns out that the configuration above is for _registering the HTTP Module in IIS 6.0 and IIS 7.0 Classic Mode_.

I had to use the following configuration for _registering the HTTP Module in IIS 7.0 Integrated Mode_:

<system.webServer>
    <modules>
        <add name="ForceSessionModule" type="SomeNamespace.ForceSessionModule"/>
    </modules>
</system.webServer>

WIth the following implementation of the IHttpModule as suggested by @TehIMP :

namespace SomeNamespace
{
    public class ForceSessionModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.PostAuthorizeRequest += OnPostAuthorizeRequest;
        }

        public void Dispose() { }

        private void OnPostAuthorizeRequest(object sender, EventArgs eventArgs)
        {
            var context = ((HttpApplication)sender).Context;
            var request = context.Request;
            // for all requests, SetSessionStateBehavior to SessionStateBehavior.Required
            if ((request != null
                 && request.AppRelativeCurrentExecutionFilePath != null
                 && request.AppRelativeCurrentExecutionFilePath.StartsWith(
                    "~/", 
                    StringComparison.InvariantCultureIgnoreCase)))
            {
                context.SetSessionStateBehavior(SessionStateBehavior.Required);
            }
        }
    }
}

ab3nash on 5 Oct 2017

👍3

All 7 comments

Likely has nothing to do with Hangfire, but with IIS configuration instead. Try the solution from here.

pieceofsummer on 23 Aug 2017

I do not think that is the problem. (Tried the solution, did not work) The requests generated from pages other than job details requests have session values set. Only requests generated by clicking on a job has null value of HttpContext.Current.Session.
May be it is a problem with how the requests are generated?

Edit: Requests generated while rescheduling or deleting a job also have null session value.

ab3nash on 28 Aug 2017

Stumbled upon the same issue. To make it work I had to make a http module that forces a session to be used for all hangfire requests:

public class ForceSessionModule : IHttpModule
{
        public void Init(HttpApplication context)
        {
            context.PostAuthorizeRequest += OnPostAuthorizeRequest;
        }

        public void Dispose() {}

        private void OnPostAuthorizeRequest(object sender, EventArgs eventArgs)
        {
            var context = ((HttpApplication)sender).Context;
            var request = context.Request;
            if ((request != null 
                 && request.AppRelativeCurrentExecutionFilePath != null 
                 && request.AppRelativeCurrentExecutionFilePath.StartsWith("~/hangfire", StringComparison.InvariantCultureIgnoreCase)))
            {
                context.SetSessionStateBehavior(SessionStateBehavior.Required);
            }
        }
}

chhjel on 23 Sep 2017

👍1

This is not working for me. I have Hangfire configured at "~/scheduler" and I used that in place of "~/hangfire". But sessions are still null despite setting the SessionStateBehavior to Required.
I think I am missing something. Could you please guide me?

ab3nash on 25 Sep 2017

Did you register the module in web.config?

chhjel on 25 Sep 2017

Yes. Configuration:

<system.web>        
    <httpRuntime targetFramework="4.5.1" />        
    <compilation debug="true" targetFramework="4.5.1" />
    <httpModules>
          <add name="ForceSessionModule" type="ForceSessionModule"/>
    </httpModules>
</system.web>

I have used the same implementation of IHttpModule from the above comment.