469,903 Members | 2,201 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,903 developers. It's quick & easy.

Session State Question?

Is it a good idea to load a user username/email and password into session
state if you will be validating information against those credential
through-out the use of the web application? or is it best or more secure to
just get that information from the database when needed?
Nov 16 '05 #1
3 1119
You would probably want to check the user credentials during the login
process, and then store a session variable saying that the user is
logged on. You would want to check that session variable on each page,
or in a common user control or master page.

Something like:

Session["LoggedOn"] = true;

That's the way that I do it.

Lowell

Leon wrote:
Is it a good idea to load a user username/email and password into session
state if you will be validating information against those credential
through-out the use of the web application? or is it best or more secure to
just get that information from the database when needed?

Nov 16 '05 #2
Exactly, that's the way I do it also, but to give the user more
personalization you would won't to store things such as the user Name,
email, etc. within session state right? However, is it secure to store to
store a user password with session state (yes/no--why)? Thanks!!!

"Lowell Heddings" <lo****@mindjunction.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
You would probably want to check the user credentials during the login
process, and then store a session variable saying that the user is logged
on. You would want to check that session variable on each page, or in a
common user control or master page.

Something like:

Session["LoggedOn"] = true;

That's the way that I do it.

Lowell

Leon wrote:
Is it a good idea to load a user username/email and password into session
state if you will be validating information against those credential
through-out the use of the web application? or is it best or more secure
to just get that information from the database when needed?

Nov 16 '05 #3
Just as a general practice, I wouldn't store the user password in the
session state. There's also no real good reason to do so either.

What I generally do is store the user full name and other information
from my database tables into a UserInfo class object that I store in a
session variable. I can then use any of the properties for customization
that I need to throughout the application.

But, there is just about never a reason to store the user password in a
session object in order to accomplish that.

Lowell

Leon wrote:
Exactly, that's the way I do it also, but to give the user more
personalization you would won't to store things such as the user Name,
email, etc. within session state right? However, is it secure to store to
store a user password with session state (yes/no--why)? Thanks!!!

"Lowell Heddings" <lo****@mindjunction.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
You would probably want to check the user credentials during the login
process, and then store a session variable saying that the user is logged
on. You would want to check that session variable on each page, or in a
common user control or master page.

Something like:

Session["LoggedOn"] = true;

That's the way that I do it.

Lowell

Leon wrote:
Is it a good idea to load a user username/email and password into session
state if you will be validating information against those credential
through-out the use of the web application? or is it best or more secure
to just get that information from the database when needed?


Nov 16 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

10 posts views Thread by tshad | last post: by
2 posts views Thread by DC | last post: by
14 posts views Thread by GaryDean | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.