Right way to store server parameter for a user's request

Jun 2, 2014 at 10:13 PM
I was hoping that values stored in OwinContext during a user's request will also be accessible when the user has been authenticated and forwarded back to my site. However this doesn't seem to be the case.

So is the only reliable way to store information between several request for one user is storing the data using the AuthenticationProperties? Since it will be part of the encoded state?
Coordinator
Jun 2, 2014 at 10:25 PM
Sounds like session data, so yes, the only support for that right now is in the AuthenticationProperties. Be careful of the size though, as this data is often serialized in the URLs during the redirect flow. After sign-in the AuthenticationProperties are serialized in the cookie, which also has size limits.
Jun 2, 2014 at 10:31 PM
That's what I was afraid of, would using session be a bad practice?

If its okay, how would I access session from just the IOwinContext? Or do I need to use HttpContext instead?
Coordinator
Jun 2, 2014 at 11:09 PM
Edited Jun 2, 2014 at 11:10 PM
It's possible, but messy:
http://stackoverflow.com/questions/23565543/can-owin-middleware-use-the-http-session/23642780

Note this won't be associated with the authentication in any way.
Jun 3, 2014 at 2:55 PM
I see, guess using state is a better choice, just need to make sure the contents are minimized.