Using Session to store authentication?

Question

I'm having a lot of problems with FormsAuthentication and as as potential work around I'm thinking about storing the login in the Session?

Login:
Session["Auth.ClientId"] = clientId;

IsAuthenticated:
Session["Auth.ClientId"] != null;

Logout;
Session["Auth.ClientId"] == null;

I'm not really using most of the bells and whistles of FormsAuthentication anyway. Is this a bad idea?

What are the problems you're having with forms authentication? — Cylon Cat, Jun 03 '10 at 11:54

score 2 · Answer 1 · edited Dec 23 '14 at 16:34

I would not store any valuable information in the session.

For authentication I would use:

if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    // Then u use 
    // this.User.Identity.Name as my membership_id so i could call this everywhere
}else
{
    //Redirect to Login
    //gettting my LoginPageAddress
    Response.Redirect(ConfigurationSettings.AppSettings["LoginPage"]);
}

Login is something like this:

FormsAuthentication.SetAuthCookie(membership_ID, false)

Anyway hope this helps

score 0 · Answer 2 · edited May 23 '17 at 10:27

0

i don't think it's an bad idea, i've seen plenty of sites using session together with a db to store auth data, however there are other ways to get around not using the formsauthentication tables but still be able to use things like roles.

How do I create a custom membership provider for ASP.NET MVC 2?

has good examples of that.

edited May 23 '17 at 10:27

Community

1
1

answered Jun 03 '10 at 11:52

Joakim

2,217
15
20

Using Session to store authentication?

2 Answers2