Re: FormsAuthentication and Session

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Lucas Tam <REMOVEnntp@xxxxxxxxxx>
Date: Mon, 01 Aug 2005 19:54:52 GMT

"Joe" <J_no_spam@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:#bjIadslFHA.320@xxxxxxxxxxxxxxxxxxxx:

> I'm using FormsAuthentication and need to track a user id (int) along
> with the user name. I was trying to store the user id under the
> Session but if the user closes the browser and opens another browser
> and goes back to the page the user is still logged in.
>
> I have 2 choices:
> 1 - Log the user out whenever the browser is closed
> 2 - Store the user id in a cookie.
>
> I would prefer option 1 but I don't know how to Sign out the user when
> the browser is closed and the session is no longer valid.

You can extend the IPrincipal and IIdentity
(FormsIdentitiy/GenericIdentity) interfaces to add custom data to your
user clasess.

This page sort of explains the process and does a bit more too:

http://www.codeproject.com/aspnet/rolesbasedauthentication.asp

--
Lucas Tam (REMOVEnntp@xxxxxxxxxx)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
.

References:
- FormsAuthentication and Session
  - From: Joe

Prev by Date: Re: Saved HTM File not displayed correctly
Next by Date: Re: Content Expiration Question
Previous by thread: FormsAuthentication and Session
Next by thread: Re: FormsAuthentication and Session
Index(es):
- Date
- Thread

Relevant Pages

Re: ASP sessionstate
... ASP doesn't know or care what browser it ... ticket number given when the first item is added to the cart. ... How can a Response.Write write to the server screen? ... :> delete the cart file and set the session ...
(microsoft.public.inetserver.asp.general)
"Compaq Web Agent" management session can be re-used without the need to perform authentic
... destructive actions (as server reboot). ... Compaq Web Agent Service 6.0.0.0 using Compaq HTTP Server 5.1.0 on ... servers via a secured HTTP session from a browser client, ... via a legitimate authenticated SSL session - if he closes the session by ...
(Bugtraq)
Re: Attempt to de-mystify AJAX
... >>maintaining a session via URL is not a problem. ... >> around cookies and JS, but it seems to be tough. ... >> as needed back to the server. ... but as I mentioned before - a non-dynamic request by the browser can ...
(comp.databases.pick)
Re: Problem with a session
... Your first posting was a bit vague, but now I understand your problem. ... the POSTDATA and sets againg the session variable to true and anyone ... This IS a real problem, and you cannot 100% solve it. ... try to tell the browser NOT to chache it. ...
(comp.lang.php)
Re: php session without cookie useage
... >>> browser or the application to maintain the state if needed. ... >>> transfer a session key created on login to subsequent pages via a POST ... >>> browser via a cookie or via POST or GET. ... > That may block legitimate users using a round-robin proxy (different ...
(comp.lang.php)