| Author |
Topic |
|
neojapanese
Starting Member
13 Posts |
Posted - 2006-03-15 : 10:47:45
|
| I have been reading many ASP.NET books. Where is a good place to hold user name and password while the user is on your side: in a cookie or application user variable? And if the user closes the navigator, what command removes the login information? |
|
|
twhelan1
Yak Posting Veteran
71 Posts |
Posted - 2006-03-15 : 14:20:41
|
This isn't really SQL Server related and should be in the ASP forum but anyway.

You shouldn't store the password at all, and certainly never in a cookie unless you're going to implement some kind of encryption. In general you should store the user name in a session variable or a cookie (more on determining which in a minute). The password should be thrown away as soon as the user is authenticated. At that point, storing the user name along with a boolean value telling you that the user is logged in is sufficient as you shouldn't be doing authentication on every single page. Store what rights the user has in a database, determine at the onset of each operation if the user has rights to do what they're attempting to do by looking them up in the database.

Should you use a cookie or a session/application variable of some sort? Well that depends. Do you want to retain information about that user after they've closed the page? If not, don't use a cookie, store the information locally in the session variables. If you want them to remain logged in even after they've closed the browser, then use a cookie.

quote: and if the user closes the navigator..what command removes the log in information ?

When the browser is closed there are quite a few events that are processed that handle garbage collection. There really isn't a specific command that clears it, though Session.Abandon will clear the session variables.

As far as cookies go, your program won't automatically clear any user cookies. You generally create a cookie with a desired time-out. After that time-out period has passed the cookie is considered invalid and will not be processed.

Hopefully that clears it up.

A good FAQ on ASP.Net sessions can be found at http://www.eggheadcafe.com/articles/20021016.asp

Some basics on using cookies in ASP.Net: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/vbtchASPNETCookies101.asp

Basics on security in ASP.Net: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp

Hope that helps.

~Travis |
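One way to implement the approach described in the answer above, as an added example that is not part of the original thread: the password is checked once and discarded, and only the user name travels in an encrypted forms-authentication ticket with a time-out. The `LoginState` class name and the 20-minute and 14-day lifetimes are assumptions, and the code assumes it runs inside an ASP.NET application with default forms-authentication protection settings.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; LoginState and the lifetimes below are hypothetical.
public static class LoginState
{
    // Call once, immediately after the submitted password has been verified.
    // Only the user name goes into the ticket; the password is never stored.
    public static void SignIn(HttpContext ctx, string userName, bool rememberMe)
    {
        TimeSpan lifetime = rememberMe ? TimeSpan.FromDays(14) : TimeSpan.FromMinutes(20);
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), rememberMe, String.Empty);

        // Encrypt() protects the ticket using the application's machineKey settings.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = ctx.Request.IsSecureConnection;  // HTTPS-only when issued over HTTPS
        // No Expires value means a session cookie, which the browser drops on close.
        if (rememberMe) cookie.Expires = ticket.Expiration;
        ctx.Response.Cookies.Add(cookie);
    }

    // Returns the logged-in user name, or null when the cookie is missing,
    // unreadable, or past the expiry recorded inside the ticket.
    public static string CurrentUser(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || String.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket.Name;
        }
        catch (Exception)
        {
            return null; // fail closed: anything that does not decrypt is "not logged in"
        }
    }

    // Explicit logout: expire the ticket cookie and discard the session variables.
    public static void SignOut(HttpContext ctx)
    {
        FormsAuthentication.SignOut();
        if (ctx.Session != null) ctx.Session.Abandon();
    }
}
```

The expiry is checked on the server from the value inside the encrypted ticket, so a client that keeps or edits the cookie past its time-out is still treated as logged out.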
 |