Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Suppose there is page which asks for user's name,age etc. and save it into cookie. Now user is navigating on your website and in between he/she deleted all the cookies and then navigates to the other page which uses these cookies. According to me the next page will get blank values right? How to handle this drawback? I don't want user to fill those details again.
Solution 1: You can use Query String (For Client Side Working)
Plus Point: very easy alternate of cookies.
Drawback : user can remove query string also.
Solution 2: You can use Session (For Server Side Working)
Plus Point : If user delete the cookies ...session value will be saved.
Drawback : Session store value on server so It's little time consuming work.
Solution 3 :You can save value direct into database.
Plus Point: all data stored will be saved permanently in your database.in future If user come on your site ...not required again user info.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
user should sign off automatically after few minute, like 20-30 minute? and get back to the login page, even if they doing something on website, i'm using mvc5.
can IIS overwrite our web.config's session timeout changes ?
Identity server provides you with everything you need to handle session length and a variety of other features to suit your needs. Take a look at the following guide that will get you started in understanding identity server.
The timeout of each user gets checked against the identity server security store and you can renew / revoke access tokens as needed.
Getting started with identity server 4
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I am pretty new to mvc projects, and I have such an issue:
I have a page where is represented list of projects this is main page where user is redirected after logging in, and he has to click "choose" button to go to other pages which will be related to selected project, for example employees who work on that project, list of managers, users and so on. User should not be able to access these pages while he did not select project. So i have to store somewhere ProjectId which is selected, and on each his attempt to go to another page check whether this id is set or not.
Is there any special way to store this id and check is it set or not, and redirect user, not just by writing pretty strange method and use it in the beginning of each get request?
You can store the selection in the Session object when the user makes the selection. When the user tries to go to any URL, you can check the value in the Session object, and deny if it's not set.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'd like to have a webpage where I enter certain details, and then submit and send a user a URL which takes them to another webpage where they fill in other details that are not the details I entered initially, but the values I entered are passed to their page, so I can access those values in code that I don't want them seeing or modifying. The URL I would want them to see would always be the same URL. What are my options here? The important things is that the parameters I pass cannot be modified.
If you have more than a few fields to pass, you should probably send the client some kind of ID (like a GUID) and use a database to look them up.
If you're dealing with a maximum of three or four fields, you could pass them as a querystring. Keep in mind as you're designing this that querystrings are visible to the end user - if they want to play with it, they can. You may be able to encrypt the data before you append it to the QS, but if you're going to go through that much trouble, you may as well just store it in a database and look it up. (It'll be a lot easier)
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Basically I have 1 set of admin pages. I can use a session variable with each users GUID, to make sure to edit the proper DB information.
If there are say 5 people editing a page that uses for example an ArrayList, will the ArrayList be shared by all people editing it, or will each version of the page have its own local ArrayList? Do I need to make everything session variables of some kind so data does not get mixed up with that of other users?
In ASP.NET. The page is rendered every time you ask to. If you create an ArrayList inside, it will be alive only for that particular page render cycle. It will be lost as soon as the page is rendered.
Using static variables inside your page to keep variables alive is a bad idea since they will keep alive over sessions. Regular variables will be gone as the page render cycle ended. If you want to persist data for the user's session only, use the HttpContext.Current.Session object to save the Session State.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have added functionality to my web app to allow someone to create an account with a password, which is then hashed and stored.
I would like to be able to allow the user to login to my site and use the pages within that check the user has access. Then after a period of time the session will expire and the user has to log in again.
It would also be good to have a logout button.
I am just wondering what is the best way to setup this kind of security as I have not done it before like this.
That wheel that you are making is nice for sure, but why not use one that has been invented already?
http://support.microsoft.com/kb/301240
As for sessions, you can use Session["NameOfSession"] to create a variable, don't forget to use Session.Abandon() though when a user logs out.
http://msdn.microsoft.com/en-us/library/ms178581.ASPX
As HTTP is offline protocol then there should be some extra-data being sent between client and server that makes server know you are logged on every request. The thing like this is cookie file that holds this information. On every request server checks this data and decides if you've already logged or not. Once you find the user's name and pass are OK you create this file, set its lifetime and attach to server response. After this the client browser will automatically send it to your server with each request. Once file is expired it will be automatically deleted by client browser.
You can maintain this functionality by hands or trust to FormsAuthentication.