Session Variable Alternative

[Guest]

I have a few questions for ASP.net in C#. I am using a session variable to
pass the user name from page to page. After a while, the session variable
times out. Is there a way around the time out? Also, what would be a better
way to keep track of the user's name. Will using forms authentication work
better? Right now it is just a debug application, so I didn't turn on Forms
Authentication. I've also never used it. So I don't know what it can
handle, etc....

Thanks -

Drew

 

[John Timney \(Microsoft MVP\)]

The only way to avoid loss of data on a timeout is to use a cookie and store
your values in there, as cookies can persist between sessions. You can
lengthen the timeout of a session in your web.config.

Have a read of this to learn a bit more about sessions.....
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/ht
ml/asp12282000.asp

It doesn't really matter what authentication method you use, if you lose
your session via timeout for example the authentication credentials will go
too.

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

 

[Mark Rae]

The only way to avoid loss of data on a timeout is to use a cookie and store
your values in there, as cookies can persist between sessions.

Rubbish! If you *really* want to persists data between sessions, store it in
a server-side database.

 

[Joe Fallon]

You can use a StateServer to store session data in RAM on another box (or
another process on the same box.)
This won't help witha timeout though. (It will save you when the aspnet
process recycles itself.)

You can also persist the session to a database if you want. SQL Server only
for 1.1, should be extensible to any DB for 2.0. This will keep the data as
long as you like.

I use forms authentication and store the user name in the Identity object
which is available on every request becasue I keep it in session and pull it
out in Global.asax - AcquireRequest State.

 

[John Timney \(Microsoft MVP\)]

You are correct that you can obviously store data in a server side database,
or a text file even - but it implies that you have information about your
user that identifies them as each new session begins - and in fact a
database to actually hold the values in. Drew could of course also use the
application object byt that itself does not offer persistence between
applications recycling.

If you read the thread - Drew was asking how to persist the username between
sessions in case of timeout. If he is getting the user name at login from a
server side store why would he need to persist it between timeouts at all?
Perhaps I should have said the "easiest way" to persist was with a cookie,
rather than the "only way", as any server side storage between sessions
implies requiring knowledge about the remote user it is by far the most
straightforward approach.

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

 

[Guest]

Thanks guys - I will try this on Monday and get back with you.