Maintain state after session dies

[Guest]

This is a very open ended question. I have an app with a page that uses link
buttons to change the display. On the prior page you have a list of objects.
You click one of those objects to see it's details. I have nav Link buttons
that allow you to go to previous or next object from the object list on
previous page. In the command event of the linkbutton, the page is redrawn
with the details of the next or previous object. I am using viewstate to
maintain the id of the current object, which is used in the command event to
grab the next or previous object's id which is used to get the info to
populate the page. This new object's id is again saved to viewstate. I am
using a session object to maintain state. This app is part classic, part
..net, so i'm not using forms authentication.

The question I have is when my session runs out, I want to be able to
redirect the user back to the view they were at when their session timed out
(after they successfully re-login).

So what are some ideas on how I maintain this state that is saved in
viewstate?

Right now I check my session in a user control. I think I'm going to redo
this because the page must load before the user control loads. I was
thinking of putting the check in the Begin_request event in global.asax
instead so that the page never runs without the user being authenticated. Is
this is decent strategy, or should I do something else. If this is OK, then
use this scenario to answer my original question.

thanks a bunch!

 

[Sanjay Tibrewal]

If I understand this correctly there are two issues you want to resolve.

1. Maintaining state when session runs out and
2. A proper authentication strategy

For (1) you will need to maintain current object id for the user in the
database or some permanent storage (local file etc) so that when the user
logs in again, after the session has run out, you read that id and populate
the page appropriately.

For (2) I would simply use the .config file to ensure people don't reach a
page unless they are authenticated.

HTH.

 

[Jim Mitchell]

Did you consider cookies?

 

[Tian Min Huang]

Hi,

I agree with the answer from Sanjay. In addition, please remember to save
the user information (say, user name) together with the object's id.

For ASP.NET Authentication, I believe the following articles are helpful:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/proddocs/standard/aaconaspnetauthentication.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html
/vxconASPNETAuthentication.asp

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.