Forms Authentication and Session Variables

Jim

Hi,

I am using forms based authentication for my website. Whilst testing I have
noticed that occasionaly it appears that the Context.User.Id entity.Name is
valid however the session variables that I have created as the website is
used have been lost.

I think it is something to do with the session timeout. I thought when the
session times out (session varaibles lost) the user context is cleared as
well - or is this an incorrect assumption.

Your thoughts would be most welcome.

Nov 19 '05 #1

Subscribe Reply

1948

DotNetJerome

Hi Jim,

Context object holds data for a single user, for a single request and it is
only persisted for the duration of the request.

Cheers,

Jerome. M

"Jim" wrote:

Hi,

I am using forms based authentication for my website. Whilst testing I have
noticed that occasionaly it appears that the Context.User.Id entity.Name is
valid however the session variables that I have created as the website is
used have been lost.

I think it is something to do with the session timeout. I thought when the
session times out (session varaibles lost) the user context is cleared as
well - or is this an incorrect assumption.

Your thoughts would be most welcome.

Nov 19 '05 #2

Jim

Thanks Jerome,

Starting to make a bit more sense now. I've created my own principal and
identity objects to store all information relating to the user (name,
company,email address etc) that is used frequently by the pages within the
website. I was using session data for this but was experiencing problems
when the session timed out yet the user was still authenticated. I guess i
am on the right track now.

Is the Context.User information populated from cookie information stored on
the client? If so, is it sent back and forth with each request? Might have
to trim the data I store if that is the case.

Am I correct in thinking that the Context.User is only lost when the browser
window is closed (or is there a timeout associated with the authentication
process)?

Many thanks again.

Jim
"DotNetJero me" <reachjerome@_y ahoo.com-remove-the-underscore-after@> wrote
in message news:89******** *************** ***********@mic rosoft.com...

Hi Jim,

Context object holds data for a single user, for a single request and it
is
only persisted for the duration of the request.

Cheers,

Jerome. M

"Jim" wrote:
Hi,

I am using forms based authentication for my website. Whilst testing I
have
noticed that occasionaly it appears that the Context.User.Id entity.Name
is
valid however the session variables that I have created as the website is
used have been lost.

I think it is something to do with the session timeout. I thought when
the
session times out (session varaibles lost) the user context is cleared as
well - or is this an incorrect assumption.

Your thoughts would be most welcome.

Nov 19 '05 #3

Similar topics

1661

ASP.NET Forms Authentication Questions...

by: Paul Daly (MCP) | last post by:

Background: I want to be able to authenticate users whose usernames & passwords are stored in a SQL database. I only want certain pages to require authentication. I have tried to implement this by creating the following class public class SecuredPage : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e)

.NET Framework

2127

Session variables with forms based authentication

by: Morten | last post by:

Hi! I've been implementing forms based authentication in a web project. It works pretty good. When I log on by clicking the "login" button the following code is executed: if (ValidateUser(strUserName,txtUserPass.Value)) { DBFunctions Commoncode; Commoncode = new DBFunctions();

C# / C Sharp

673

Multiple sessions and forms-based authentication

by: Rob | last post by:

I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine. The web.config file is configured as such: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" name="myApplication"/> </authentication>

ASP.NET

2093

Forms authentication & frames

by: Martin | last post by:

Hi, After I gave up on tracking user sessions through the session object (Session_OnEnd is still not triggered by Abandon() even with mode=InProc and me manipulating session variables; in a new test project it is only triggered the first time, it really sucks pretty bad) I started looking at alternatives and I found FormsAuthentication. I just implemened it and it seems very nice. But, of course, there is a problem with it (it wouldn't...

ASP.NET

262

forms authentication question

by: mike parr | last post by:

I am using Forms authentication for the first time, and I'm having problems with it. I have 3 pages relating to the login, default.aspx, default_new_user.aspx and default_user.aspx. Default.aspx is for checking for a cookie so that I can authorise the user and send them to default_user.aspx (which is for users who have logged in/been authenticated successfully) : private void Page_Load(object sender, System.EventArgs e) {

ASP.NET

1110

not redirecting to login page while using forms authentication

by: Pradeep Pise | last post by:

Hello All, I have a problem in my project. I have used forms authentication and code is embedded in web.config. <authentication mode="Forms"> <forms name="AuthCookie" path="/" loginUrl="login.aspx" protection="All? timeout="120? > </forms> </authentication>

ASP.NET

1626

Forms auth and session question...

by: Jon | last post by:

If a session times out, but the forms auth is still logged in it's possible for users to go to pages on the site that need those session variables. I was under the impression that using forms auth would make it so I would not need to check if session vars were still around. I'm confused! Perhaps someone can clear this up for me? -- ******************************** Jon

ASP.NET

1522

Persistent Forms Authentication - and Session Variables

by: Max | last post by:

Hi All! I'm doing an ASP.NET project which uses Persistent Forms Authentication (i.e. once user logged in, they don't have to log in again). However Session variables are erased after Session has timed out. So I need to re-populate user specific session variables (such as user email, DOB, Full Name...etc) when Session has ended. But strangely, when I tried to do something like....

ASP.NET

470

Forms Authentication and Session Variables

by: Schultz | last post by:

I am having two problems in the application I am building, the first has to do with forms authentication. The application has three different login pages: 1- for admins 2- for users 3- for guest access (to view data entered by the users) Each page is programmed to create a custom forms authentication cookie that stores what access level they are, which would prevent a guest

ASP.NET

5326

Forms authentication vs session variable

by: Bjorn Sagbakken | last post by:

In a web-application with login creds (user, pwd), these are checked against a user table on a SQL server. On a positive validation I have saved the userID, name, custno and role-settings in a userobject (custom build class) and added this to the session using as session variable like session For all other pages I have added a small test in the page_load event, basically testing if the session != null, but also checking if the...

ASP.NET

9586

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9423

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10210

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10043

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9990

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

7406

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5298

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

3956

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

3561

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP