ASP.NET MVC: ensure user always has a session variable set

Question

Consider an ASP.NET MVC application that requires a session variable be set. It's used throughout the app. It'll be set by either reading a hashed value on the browser cookie, or after having the user login.

In the WebForms + Master Page model, I'd check the Page_Load() of the master page. Perhaps not the ultimate event, but it was an easy one to find.

How would you check and enforce the existence of a session variable in ASP.NET MVC? Consider that this question might not involve user login details, but some other piece of data (first visit time, perhaps).

Solution Attempts

public void Application_BeginRequest(Object source, EventArgs e)
{
    HttpApplication application = (HttpApplication)source;
    HttpContext context = application.Context;

    context.Session["SomeDateTime"] =  DateTime.Now.ToString();

    // results in Object reference not set to an instance of an object.
    // context.Session is null
} 

Answer 1

You have two options.

1.Place logic in base controller's Initialize function

Assuming that all your controllers inherit from a base controller, you can place the logic needed in the override of the Execute() function of the base controller.

public class BaseController : Controller
{
    public BaseController()
    {

    }

    protected override void Initialize(System.Web.Routing.RequestContext requestContext)
    {
            // check if the user has the value here using the requestContext.HttpContext object
    }
{

2. Use the Global.asax void Application_PreRequestHandlerExecute(Object source, EventArgs e) function

public void Application_PreRequestHandlerExecute(Object source, EventArgs e)
{
    HttpApplication application = (HttpApplication)source;
    HttpContext context = application.Context;

    // use an if statement to make sure the request is not for a static file (js/css/html etc.)
    if(context != null && context.Session != null)
    {
          // use context to work the session
    }
}

Note: The second part works with any ASP.NET application, WebForms or MVC.

As for enforcing that they have a certain session variable, its very open really. You can redirect to a certain page for them to fill out a form or select an option or something. Or maybe just have a default value that is set to a certain session key if it is not found.

EDIT

While playing with this, I noticed a big issue with Application_PreRequestHandlerExecute approach. The event handler is being called for any request done to the server, be it .css/.js/.html files. I'm not sure if this is an issue with the way my workstation is setup, or just how ASP.NET/IIS works, so I would make sure that this isn't being called on all requests when implementing the approach above.

It is for the previous reasons I wrapped the work to be done in the session with an if statement.