Just as a general practice, I wouldn't store the user password in the
session state. There's also no real good reason to do so either.
What I generally do is store the user full name and other information
from my database tables into a UserInfo class object that I store in a
session variable. I can then use any of the properties for customization
that I need to throughout the application.
But, there is just about never a reason to store the user password in a
session object in order to accomplish that.
Lowell
Leon wrote:
Exactly, that's the way I do it also, but to give the user more
personalization you would won't to store things such as the user Name,
email, etc. within session state right? However, is it secure to store to
store a user password with session state (yes/no--why)? Thanks!!!
"Lowell Heddings" <lo****@mindjunction.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
You would probably want to check the user credentials during the login
process, and then store a session variable saying that the user is logged
on. You would want to check that session variable on each page, or in a
common user control or master page.
Something like:
Session["LoggedOn"] = true;
That's the way that I do it.
Lowell
Leon wrote:
Is it a good idea to load a user username/email and password into session
state if you will be validating information against those credential
through-out the use of the web application? or is it best or more secure
to just get that information from the database when needed?