– Sessions en ASP .NET Core 1.0 y ASP .NET MVC 4


I am doing a series of tests in ASP .NET MVC Core 1.0 to see if it is convenient to migrate the project from MVC 4 to MVC Core 1.0 many of the errors that I got are already fixed.

I'm having trouble passing the parameters contained in the sesionManange :

sesionManage.cuenta =;
sesionManage.devKey = WAutofactura_Respuesta.DevKey;
sesionManage.schema = WAutofactura_Respuesta.Schema;
sesionManage.mobileKey = WAutofactura_Respuesta.MobileKey;

which the problem is this line:

HttpContext.Session["sessionManage"] = sesionManage;

So my question is How can I pass the parameters of the sesionManange variable to a HttpContext.Session variable in ASP.NET MVC Core 1.0?

Doing a bit more research on session variables I found this method to serialize my sesionManange model:

public static class SessionExtensions
    public static T GetObject<T>(this ISession session, string key)
        where T : class
        var json = session.GetString(key);
        if (json == null)
            return null;
        return JsonConvert.DeserializeObject<T>(json);
    public static void SetObject(this ISession session, string key, object value)
        var json = JsonConvert.SerializeObject(value);
        session.SetString(key, json);

Which marks me errors in GetObject<T> and SetObject , this is the error that marks me:

Extension methods must be defined in a top level static class; SessionExtensions is a nested class


I'm a bit late to answer this question, but based on the fact that I just finished a project with similar characteristics, I found it interesting to share with the community because we all work with Legacy Code all the time.

First say that migrating an MVC4 project to .Net Core 1.0, 2.0, …, 3.1 is an interesting task but the security area in my personal opinion is one of the most interesting. Note that in terms of security the world has moved away from the use of Session / Cookies for multiple reasons:

  1. Scalability
  2. Security
  3. Integration with WebApi

Just to mention the ones that have given me headaches. On the other hand, the trend in the community of developers and security specialists is JWT, IdentityServers and OAuth2, an investigation can give you a good idea of ​​how to implement security when you migrate, and especially it is extremely useful if you are integrating create SPA (Single Page Application) or PWA (Progressive Web Application) with any of the new javascript frameworks (typescript) Angular, ReactJS or Vue.

Thank you and if you have any questions I will gladly answer you.

Happy Coding !!!

Scroll to Top