Re: is the HTTPCONTEXT.current.user content encrypted with session state??

From: Scott Allen (scott_at_nospam.OdeToCode.com)
Date: 01/19/05

Next message: MROPARTNER_at_comcast.net: "Re: Fill a form field using ASP ??"
Previous message: Scott Allen: "Re: Time based script - webservice"
In reply to: Kevin Yu: "is the HTTPCONTEXT.current.user content encrypted with session state??"
Next in thread: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Reply: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Reply: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 19 Jan 2005 09:02:20 -0800

Session state is not sent to the client - only a cookie is sent to the client
with a session identifier. The server can examine the ID in the cookie and
look up the session state when a request arrives.

--
Scott
http://www.OdeToCode.com/blogs/scott/
> hi all
> 
> I use a custom windows principal to the httpcontext.current.user in a
> windows authenitcation asp.net app. There are other objects added to
> the
> principal. during the
> WindowsAuthentication_OnAuthenticate() call, the principal will be
> load
> rights for the current user alone with the roles. now I wonder if the
> USER
> object be encrypted and send to the client?
> what I my concern is when the roles and rights become large, it will
> effect the performance.
>

Next message: MROPARTNER_at_comcast.net: "Re: Fill a form field using ASP ??"
Previous message: Scott Allen: "Re: Time based script - webservice"
In reply to: Kevin Yu: "is the HTTPCONTEXT.current.user content encrypted with session state??"
Next in thread: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Reply: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Reply: Kevin Yu: "Re: is the HTTPCONTEXT.current.user content encrypted with session state??"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: persistant cookie, what is it?
... Why don't you use Session State? ... cookie to identify the client. ... All you need to do to not persist a cookie is not to set ... client until the domain is navigated away from, or the browser is closed. ...
(microsoft.public.dotnet.framework.aspnet)
Re: is the HTTPCONTEXT.current.user content encrypted with session state??
... HTTPCONTEXT is not part of the session state. ... hidden in the html to the client. ... >> rights for the current user alone with the roles. ...
(microsoft.public.dotnet.framework.aspnet)
Re: is the HTTPCONTEXT.current.user content encrypted with session state??
... transfered to the client. ... but is httpcontext.current.user content in the _VIEWSTATE string in the ... > Session state is not sent to the client - only a cookie is sent to the ... >> rights for the current user alone with the roles. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Wont save session object
... URL: http://localhost/program.aspx it runs the session objects fine, ... Here is the session state object in my web.config file: ... > client machine's cookie setting. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Forms Authentication and recycling web.config
... formsauthentication 's token is stored in cookie. ... stored in the client user's machine that's why it can remain even afte the ... And the session state are server side resources and by default it stored ...
(microsoft.public.dotnet.framework.aspnet)