I have a need to encrypt query string elements but I want to use a per session key. I don't want the user to come back later with the same querystring and be able to use it again. I created an IHttpModule for decrypting the querystring elements (derived from QueryStringModule.cs that's floating around). The problem is the first time through the session is null (as expected since it is a new page request). Is there a way to force session to be active here?
public void Init(HttpApplication context)
context.BeginRequest += new EventHandler(OnBeginRequest);
void OnBeginRequest(object sender, EventArgs e)
HttpContext context = HttpContext.Current;
string key = (string)context.Session["sessionkey"];
In this case, context session is null.
View Complete Post