.NET Session - Persist session, even when the user closes the browser

We use .NET Framework 3.5 and C#.

We have a website that requires user login. Therefore, we use the database to verify the correct input / password.

Then we call FormsAuthentication.SetAuthCookie(), so the user is registered in my application.

And on all subsequent pages, we check with User.Identity.IsAuthenticated() if the user is logged in.

We want to keep this session even when the user closes the server.

What is the best way to do this?

We also have a problem with lost sessions: suddenly the user has lost his authenticated status. I think that with such new persistence we can also solve this problem.

(Sorry for my English... Portuguese speaker.)

+4
2 answers

You cannot mix terms; remember that ASP.NET has both an authentication cookie and a session state.

You seem to be looking for a persistent cookie. To have a persistent auth cookie, try:

FormsAuthentication.SetAuthCookie("xxx",true); 

http://msdn.microsoft.com/en-us/library/twk5762b(v=vs.90).aspx

Passing true will allow the authentication cookie to survive a browser restart. You should also consider your timeout values for forms and session authentication in your web.config:

 <authentication mode="Forms">
   <!-- The name, protection, and path attributes must match exactly in each Web.config file. -->
   <forms loginUrl="Default.aspx" name=".ASPXFORMSAUTH" protection="All" path="/" timeout="360"/>
 </authentication>
 <sessionState mode="InProc" timeout="360" />
+6
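
An added example, not part of the answer above or of any project code: issuing the persistent forms-authentication cookie by hand instead of through SetAuthCookie(name, true), so that the remember-me lifetime is set explicitly and the HttpOnly and Secure flags are visible. The class name PersistentLogin and the 14-day and 30-minute lifetimes are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class PersistentLogin
{
    // Assumed lifetimes; choose values that fit the application's risk model.
    private static readonly TimeSpan RememberMeLifetime = TimeSpan.FromDays(14);
    private static readonly TimeSpan DefaultLifetime = TimeSpan.FromMinutes(30);

    // Call only after the login/password has been verified against the database.
    public static void SignIn(HttpResponse response, string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(rememberMe ? RememberMeLifetime : DefaultLifetime);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                 // ticket version
            userName,
            now,               // issue date
            expires,           // the ticket expires server-side at this time
            rememberMe,        // isPersistent
            String.Empty,      // userData: keep secrets out of the ticket
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to the protection attribute in web.config.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from page script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows requireSSL on <forms>
        if (rememberMe)
        {
            // Without Expires the browser drops the cookie when it closes.
            cookie.Expires = ticket.Expiration;
        }
        response.Cookies.Add(cookie);
    }

    // Removes the authentication cookie and ends the server-side session state.
    public static void SignOut(HttpContext context)
    {
        FormsAuthentication.SignOut();
        if (context.Session != null) context.Session.Abandon();
    }
}
```

A persistent cookie stays valid on any machine where the user ticked "remember me", so the ticket lifetime is also how long a stolen or forgotten cookie remains usable.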

I would suggest a cleaner approach for storing session information. Of course, Shay’s approach to preserving the authentication cookie is correct, but storing sessionState in the process for a long time has serious drawbacks when scaling the application for multiple simultaneous users.

First, to clarify, the state of a session means literally everything you can get through the Session[] collection.

The best method that I have seen successfully used* by a big bank is to store information related to a constant session inside a database.

Basically you need

  • A table with primary and foreign keys, tied to a user ID: a) as many columns as necessary for storing variables; b) one BLOB column containing the serialized class value
  • Class PersistentSession
  • Fill this object in the Global.asax Session_Start method or better Application_PostAuthenticateRequest and save it in the Session object
  • Save an object from Session to DB in the Global.asax Session_End method

If you chose approach B, just serialize / deserialize the object and you get it!

* The real way of using SAVESESSION for these guys was completely different.

+1

Source: https://habr.com/ru/post/1402758/

