sorry, I mean the viewstate, of course the session state will not be
transfered to the client.
but is httpcontext.current.user content in the _VIEWSTATE string in the
html??
"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all
I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.