Session State Question?

Leon

Is it a good idea to load a user's username/email and password into session
state if you will be validating information against those credentials
throughout the use of the web application? Or is it best or more secure to
just get that information from the database when needed?
 
You would probably want to check the user credentials during the login
process, and then store a session variable saying that the user is
logged on. You would want to check that session variable on each page,
or in a common user control or master page.

Something like:

Session["LoggedOn"] = true;

That's the way that I do it.

Lowell
 
Exactly, that's the way I do it also, but to give the user more
personalization you would want to store things such as the user name,
email, etc. within session state, right? However, is it secure to
store a user password with session state (yes/no--why)? Thanks!!!

 
Just as a general practice, I wouldn't store the user password in the
session state. There's also no real good reason to do so either.

What I generally do is store the user's full name and other information
from my database tables into a UserInfo class object that I store in a
session variable. I can then use any of the properties for customization
that I need to throughout the application.

But, there is just about never a reason to store the user password in a
session object in order to accomplish that.

Lowell
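
An added example, not part of the original thread: one way to put the approach from the answers into ASP.NET code, with the password checked once at login and only a password-free UserInfo object kept in session. LoginHelper, SignIn, RequireUser, the UserInfo properties and the PBKDF2 salt/hash/iterations parameters are hypothetical; the thread only names Session["LoggedOn"] and a UserInfo class.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.SessionState;

// Profile data kept in session for personalization. It has no password field on purpose.
[Serializable] // needed if session state is stored out of process
public class UserInfo
{
    public int UserId { get; set; }
    public string FullName { get; set; }
    public string Email { get; set; }
}

public static class LoginHelper
{
    // Assumption: the users table stores a random salt (8+ bytes), a PBKDF2 hash
    // and the iteration count instead of the password itself.
    public static bool VerifyPassword(string password, byte[] salt, byte[] storedHash, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            byte[] computed = kdf.GetBytes(storedHash.Length);
            int diff = 0; // compare every byte so timing does not depend on where a mismatch is
            for (int i = 0; i < computed.Length; i++)
                diff |= computed[i] ^ storedHash[i];
            return diff == 0;
        }
    }

    // Login page: the submitted password is used for this one check and is never written to session.
    public static bool SignIn(HttpSessionState session, string password,
                              byte[] salt, byte[] storedHash, int iterations, UserInfo profile)
    {
        if (!VerifyPassword(password, salt, storedHash, iterations)) return false;
        session["LoggedOn"] = true;
        session["UserInfo"] = profile;
        return true;
    }

    // Every protected page (or a master page): returns null when the visitor is not logged on.
    public static UserInfo RequireUser(HttpSessionState session)
    {
        object flag = session["LoggedOn"];
        if (!(flag is bool) || !(bool)flag) return null;
        return session["UserInfo"] as UserInfo;
    }
}
```

A page that needs the password again, such as a change-password form, would prompt for it and call VerifyPassword against the database record rather than reading it from session.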


 