TempData Not Being Cleared

Question

I'm working on an ASP.NET MVC 3 web application, where i use TempData to store a model object, in the scenario where the user is not logged in.

Here's the flow:

1. Use submits form.
2. Code (special action filter) adds model to TempData , redirects to logon page.
3. User redirected back to GET action, which reads TempData and calls POST action directly

After step 3, i would have thought TempData would be cleared?

Here's the code:

[HttpGet]
public ActionResult Foo()
{
    var prefilled = TempData["xxxx"] as MyModel;
    if (prefilled != null)
    {
       return Foo(prefilled);
    }
}

[HttpPost]
[StatefulAuthorize] // handles the tempdata storage and redirect to logon page
public ActionResult Foo(MyModel model)
{
   // saves to db.. etc
}

I found this article which states:

1. Items are only removed from TempData at the end of a request if they have been tagged for removal.
2. Items are only tagged for removal when they are read.
3. Items may be untagged by calling TempData.Keep(key).
4. RedirectResult and RedirectToRouteResult always calls TempData.Keep().

Well by reading it with TempData["xxx"] isn't that a "read" and therefore they should be tagged for removal?

And the last one concerns me a bit - since i'm doing a Redirect after the POST (P-R-G). But this can't be avoided.

Is there a way i can say "ditch this item". TempData.Remove ? Or am i doing this wrong?

Answer 1

Fixed by adding TempData.Remove right after i read it.

Not really happy about this. I thought the whole point of TempData was that i didn't have to do this.

May as well be using Session directly.

Answer 2

There are 2 GET HTTP requests involved here:

1. The first request is sent by the client and is the one which stores something into TempData
2. At the end of the first request the client sends a second HTTP request to fetch the logon page.

There is no POST request involved in your scenario. The fact that from your GET Foo action you are invoking the POST Foo action doesn't mean that there is a separate request being performed (you are still in the context of the initial GET request). It is only a C# method call, not a separate request.

You store something into TempData during the first request and this TempData will be available for the second one. So it will be available in the controller action rendering the logon page.

So you must read from TempData in action rendering the logon page if you want TempData to be removed.

Answer 3

Below are some of the key points to note when using Temp data.

1) A read access to temp data doesn't remove items from the dictionary immediately, but only marks for deletion.

2) Temp data will not always remove the item that has been accessed. It only removes the item when an action results in an Http 200 status code (ViewResult/JsonResult/ContentResult etc).

3) In case of actions that result in an Http 302 (such as any redirect actions), the data is retained in storage even when it is accessed.