Professional Web Applications Themes

sessions and forms authentication tickets - ASP.NET Security

When implementing ASP.NET forms authentication everything worked out just fine. I wanted to add the UserID and UserFName to my usage so I would have this information throughout their session without having to return to the database. I am upgrading from ASP so my first thought is Session(?UserID?) which works fine if the user stays in the same folder (members). But if they click a link outside that folder and return to that folder the Session values I had set are now gone. I use the return path code so when they click the login link it takes them to ...

  1. #1

    Default sessions and forms authentication tickets

    When implementing ASP.NET forms authentication everything worked out just
    fine. I wanted to add the UserID and UserFName to my usage so I would have
    this information throughout their session without having to return to the
    database. I am upgrading from ASP so my first thought is Session(?UserID?)
    which works fine if the user stays in the same folder (members). But if
    they click a link outside that folder and return to that folder the Session
    values I had set are now gone.

    I use the return path code so when they click the login link it takes them
    to the default.aspx login page without logging in again. Like I said
    earlier, when they login the Session values work, and if they click links
    in the same folder (members) the Session values work, but if they go to
    another folder and return to the members folder the Session values are gone.

    Should I not use Session(?Value?)? How can I add other values to the
    FormsAuth Ticket we created and use in my pages to display User Name?

    --
    Message posted via [url]http://www.dotnetmonster.com[/url]
    Justin Morris via DotNetMonster.com Guest

  2. #2

    Default Re: sessions and forms authentication tickets

    You can easily add custom data to an auth cookie by using the following:

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,
    email,
    System.DateTime.Now,
    System.DateTime.Now.AddMinutes(30),
    false, // not persistent
    userData, // <-- THIS CAN BE A STRING OF YOUR CUSTOM DATA, PERHAPS
    SEMI-COLON DELIMITED.
    FormsAuthentication.FormsCookiePath);

    Note: the 'userdata' variable which is of type string.

    --

    - Paul Glavich
    ASP.NET MVP
    ASPInsider ([url]www.aspinsiders.com[/url])


    "Justin Morris via DotNetMonster.com" <forumnospam.DotNetMonster.com> wrote
    in message news:a6cbd5f34654423a9537afe03f335fa1DotNetMonste r.com...
    > When implementing ASP.NET forms authentication everything worked out just
    > fine. I wanted to add the UserID and UserFName to my usage so I would
    have
    > this information throughout their session without having to return to the
    > database. I am upgrading from ASP so my first thought is
    Session(?UserID?)
    > which works fine if the user stays in the same folder (members). But if
    > they click a link outside that folder and return to that folder the
    Session
    > values I had set are now gone.
    >
    > I use the return path code so when they click the login link it takes them
    > to the default.aspx login page without logging in again. Like I said
    > earlier, when they login the Session values work, and if they click links
    > in the same folder (members) the Session values work, but if they go to
    > another folder and return to the members folder the Session values are
    gone.
    >
    > Should I not use Session(?Value?)? How can I add other values to the
    > FormsAuth Ticket we created and use in my pages to display User Name?
    >
    > --
    > Message posted via [url]http://www.dotnetmonster.com[/url]

    Paul Glavich [MVP ASP.NET] Guest

Similar Threads

  1. Replies: 1
    Last Post: November 10th, 03:44 PM
  2. ASP.Net Forms authentication with basic authentication popup
    By Brett Porter in forum ASP.NET Security
    Replies: 2
    Last Post: January 20th, 02:17 PM
  3. Replies: 1
    Last Post: October 20th, 06:04 PM
  4. Authentication ticket, cookieless, forms authentication?
    By Lauchlan M in forum ASP.NET Security
    Replies: 0
    Last Post: October 1st, 12:23 AM
  5. Sessions, authentication and $_SERVER
    By Stephen Poley in forum PHP Development
    Replies: 5
    Last Post: August 21st, 01:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139