I am currently trying to allow users to "personalize" their background-image on a website I've created with C#-ASP.net. I imagined as far as that I create a if statement, checking if the currently logged in user matches with the session variable created when logging in, and if it does, it allows him to change his/her background-image. Before I did this, I also thought that the best way of testing if it would work that way is to try to write out the content of the session variable directly onto the page. Thats where the issue come in. All I am getting is the "name" of the session variable and nothing else. How can I get this changed?
The code below is pretty much what I've tried with the session variables this far
<%
// User with the name of "Bob" is logged in with code further up
var login_username = Request["login_username"];
Session["loggedIn"] = login_username;
Response.Write(Session["loggedIn"]);
// Results in it writing out "loggedIn".
// Expected "Bob".
%>
I'm going to be fair, I have no idea if this is enough for anyone to give me a hand and If I am even on the right track, but thats that. If theres a better way of doing this, I'm up for suggestions.
At the time of logging in, store your username into a session variable,
for eg: Session["loggedIn"] = username
Then, read the session value to a label text using
Convert.ToString(Session["loggedIn"]
Alternatively, one can write Response.Write(Session["loggedIn"]); to get the string of the variable.
Related
Im trying working on a web app project and trying to figure out how to display my answer on the second web page.
I have put a a text box on my first webpage and have corrected the coding of my application as I have received the correct answers in the textbox after I have debugged it.
Ideally I want to remove this textbox and want my answers which I managed to display on my textbox displayed on a label in the next webpage. Here is the calculation part of my code;
var cost = ((int)duration.TotalMinutes) * 0.35m;
txtCost.Text = cost.ToString("c");
I'd like to make my answer appear in my second webpage and not have it displayed in the first. I have tried using Session["Cost"] = cost; on the button click event handler of the first webpage double cost = (double)(Session["Cost"]);
lblDisplay.Text = cost.ToString("c");
and this on the second webpage but every time I Debug it and run I always get $0.00 displayed on my label. Can someone help me fix this?
Sharing value between two views in MVC application, try following
// To save into the Cache
System.Web.HttpContext.Current.Cache["CostKey"] = cost;
// To retrieve Cache Value
var cachedValue = System.Web.HttpContext.Current.Cache["CostKey"] as double;
For Session State, have a look at this link
In ASP.NET WebForms application, you can pass data around in various ways:
Cache
See the Learning Curve answer for examples.
However, the object put in the cache is not guaranteed to be found again if the server experiences memory shortage or alike. The ASP.NET manages the cache and evicts objects on its own to maintain memory availability. This is in contrast with ApplicationState and SessionState where the objects are kept until they are removed manually, or the Application ends or Session expires.
Session and Application states
You can put any object in the SessionState object and retrieve it elsewhere in your code. However, you need to cast it appropriately as the SessionState accepts object-s. E.g. if you store a number, when you retrieving it, you must do the casting yourself, just as you already did it.
The reason it doesn't work, is perhaps you're trying to retrieve it from within another user's SessionState. Yes, the SessionState is a per-user structure. If you need to add the value as from one device and use it on another, use ApplicationState:
Application["cost"] = cost;
Redirecting Response
Using this technique, you could force the browser to request another page from the server and specify the full query string, including the variables you need. E.g. :
var destination = Server.UrlEncode("/someOtherPage.aspx?cost=34.65");
Response.Redirect(destination);
As an alternative, you can use Server.Transfer("someOtherPage.aspx") to save the roundtrip. However, in that case, the browser doesn't change the address in the address bar so the user is misled that she browses one page, but in fact, it is the someOtherPage.aspx.
Before I ask this question, I'm not even sure what I'm using is a query string (I'm so clueless on this, what I have is the result of some other confusing StackOverFlow research). It is a parameter I'm passing from my SSRS report viewer to my app via a hyperlink expression. It works and everything is grand except for I'd like to clear it from the url right afterwards.
http://10.155.54.101/Update?CurrencyId=67
And I am getting the parameter with this logic on page load.
if (Request.Params["CurrencyId"] != null)
int CurrencyId = int.parse(Request.Params["CurrencyId"]);
I am successfully capturing that information and populating asp.net controls with it but I want to clear it from the address bar now as it lingers after submitting the update (postback?).
Through another Stack Overflow Answer: Clear QueryString on PostBack , I've attempted to clear the querystring through the following code.
Request.Params.Clear();
But I get a collection is read-only error, which is addressed in the stack overflow question above. So I try to use System.Reflection to change the read only property of the collection with the following code.
PropertyInfo Isreadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
Isreadonly.SetValue(Request.Params, false, null);
Request.Params.Clear();
I don't get the error but nothing is removed, so I might not be referencing the querystring properly because of however the heck Request.Params works.
Can someone nudge me in the right direction with this? I'm so sorry I'm clueless as heck on this.
You can't just change the URL in the address bar of a browser. You could redirect the browser to the URL without the query string, but seeing how you are using the value to populate controls on the page being render that would mean you would need to still need to have that value.
When you say "it lingers after submitting the update", do you mean the user chooses the currency and is redirected to the the page with this query string? If so could you change this action to a POST instead of a GET? Then you could put the currencyId in the body of the POST. If you can't switch it to a POST, then there are a few ideas I listed below.
If you are using session, you could store the currencyId in the user's session. But that would only make sense if you needed to use this value on other requests; as using session is a big decision and if you can keep your website stateless you should.
With that being said, there are two viable options to keep your site stateless. If you need this value on future requests, you can store it in a cookie. If you only need it on this request, you could have the page do post to the URL without the query string but with the value in the POST body.
I wanted to use session to store one important information in it that I need very long (can't extend session life).
But session can expire off course :)
Problem is if user sit and do something I set value in session and if he goes off computer and return after few hours to continue this value will be lost.
My question:
If I save this value in hidden field instead of session will it be there forever (I mean while page is open)?
PS
I don't have time to test(waiting) that's why I ask :)
Depending on your requirements, you can go for a HiddenField. However, since you will be storing important information, make sure you ENCRYPT the value before assigning it to HiddenField. And Yes, this will be present for long.
One fairly good option you can also try is saving your information in ViewState. It doesn’t take up any memory on the server and doesn’t impose any arbitrary
usage limits (such as a time-out ). Moreover you can use the built-in Encryption facility provided by Asp.Net
ViewState["UserSSN"] = 1;
if (ViewState["UserSSN"] != null)
{
_userSSN= (int)ViewState["UserSSN"];
}
In case you are using ViewState, you must take countermeasures for its security. Simply turn on encryption for viewstate using the ViewStateEncryptionMode property of the Page directive:
<%#Page ViewStateEncryptionMode="Always" ... %>
Or you can set the same attribute in the web.config file:
<pages viewStateEncryptionMode="Always" />
They aren’t bulletproof, but they will greatly increase the effort an attacker would need in order to read or modify view state data.
Is there a way to pass a parameter to a controller without putting it on the URL?
For example,
http://www.winepassionate.com/p/19/wine-chianti-docg-la-moto
has the value 19 on the URL. If you actually change that value to another, the page displays a different record even it the page name remains the same.
So I would like to NOT pass the ID on the URL but still be able to pass that to the Controller.
What's the recommended way to do so?
You can do a post and send it as a form parameter. I do not recommend this. Posts should be for requests that modify data. In this case you're most likely looking just to get that data. The fact that the id is in the URL is a good thing (see the Stack Overflow URLs for reference). If you really don't want the user to be able to modify it (I hope it's not because you think this makes it more secure, because it doesn't), you could do some simple encryption on it to make it more difficult to guess/produce a valid ID.
Using TempData, as some other suggest, is not a robust solution. It won't work for links on a page, just a GET after POST, and then only once since TempData is deleted after the next request.
Well, you have a couple of options:
Is this a form post? If so, then you can simply add a specific key value pair to your form when you submit it and then data will be passed along.
Is the URL unique to that resource? i.e. Does "Wine-chianti-docg-la-moto" exist as a unique representation of the number 19 in a database somewhere? If so, then you can simply do a lookup of that route component in your database to retrieve the value you need (or push that logic all the way down to the database).
Is that a value that is not expected to change a bunch? You can set that value in Session or in a cookie that would be persisted across pages and then pull it from the respective collection.
Are you redirecting to this page from another request on your server? If so, then you can use TempData to store this temporary value. However, I would recommend against this approach, as it is very transient and not good practice imo.
Lastly, you can obscure the value on the URL if you dont want it to be easily user editable. Encrypt it with some algorithm, and then decrypt it on the destination page. The user will be unlikely to be able to alter the ID by typing in a different value in the URL.
If the page is a GET, and you are following the PRG like you should be (Post-Redirect-Get) then you can use TempData["dataName"] = value; in your [HttpPost] controller and then consume it in your [HttpGet] method. It really depends on how the page is being called.
However, there is nothing wrong in letting the user change that number if it is not security related, and is common practice to show non-vital information in the url like that.
You should use TempData in this case. A good read on this can be found on this blog.
TempData allows you to store a value temporarily between requests and is, by default, erased after being accessed.
// TempData samplepublic ActionResult Featured(){ var featuredProduct = new Product { Name = "Assorted Cupcakes", Description = "Delectable vanilla and chocolate cupcakes", CreationDate = DateTime.Today, ExpirationDate = DateTime.Today.AddDays(7), ImageName = "cupcakes.jpg", Price = 5.99M, QtyOnHand = 12 };
I am testing a few things here in a basic webpage, and I noticed something very odd. I'm not sure if this behavior is to be expected, but it does make me wonder...
I know I can get the Current User ID of the person currently logged in, like so:
#WebSecurity.CurrentUserId
And just to see how Sessions are used, I thought I'd just store (as an example) the CurrentUserId in a Session variable once the user logs in, like this:
#Session["UserIDthing"] = #WebSecurity.CurrentUserId;
And then on another page, I just output the session id (which should be exactly equal to 1, because thats what my UserId is), like this:
#Session["UserIDthing"]
But, instead of it outputting "1", it outputs minus 1 "-1". Why does this happen?
And just to make sure I was right about the user id, I outputted the user id using:
#WebSecurity.CurrentUserId
And it displayed the correct ID, which is just "1"
It probably has nothing to do with Session. Try to store the #WebSecurity.CurrentUserId some other way to ensure that the CurrentUserId has actually been set after the user logs in (maybe by logging it to a file or use a static variable for testing).
To assign a variable, you need a code block, not an output block. You should use:
#{ someVar = otherVar; }
The syntax you use:
#someVar = #otherVar;
is translated as (pseudo code):
Response.Write(HtmlEncode(someVar));
Response.Write(" = ");
Response.Write(HtmlEncode(otherVar));
Response.Write(";");
BTW: Why do you assign session variables in your view. This should be the responsability of the controller.